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IBM  hitting  pay  dirt 
with  software  push 


INSIDE 


■  BY  ANN  BEDNARZ,  DENISE  DUBIE  AND 
JOHN  FONTANA 


ARMONK,  N.Y —  IBM’s  software  business  finally  has 
found  a  focus. Three  years  ago  IBM  stopped  trying  to 


Second  of 
two  parts 


make  its  own  business  applications  and  turned  its 
attention  to  building  infrastructure  software,  including 
application  servers,  databases,  collaboration  tools,  and  network  and 
security  management  products. 

Today  it’s  reaping  the  rewards. 

See  IBM,  page  14 


Variety  of  VPN  services 
on  tap  from  Verizon 
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IfcWhen  Microsoft  gives 
[developers]  these  APIs,  it  will  be 
easier  to  scan  for  viruses.  9  9 

Bruce  Hughes 

Content  security  lab  manager,  ICSA  Labs 


■  BY  DENISE  PAPPALARDO  AND 
MICHAEL  MARTIN 

Verizon  is  mustering  a  man¬ 
aged  VPN  effort  that  will  offer 
customers  more  advanced  ser¬ 
vice  choices  and  further  dis¬ 
tance  the  carrier  from  once- 

ItaorkWorid 
EXCLUSIVE 

■  BY  MICHAEL  HOMMER, 
NETWORK  WORLD  GLOBAL 
TEST  ALLIANCE 

Cisco  has  entered  the  stor¬ 
age  market  with  a  bang, 
introducing  a  feature- 


close  IP  partner  Genuity 
The  local  exchange  carrier 
(LEC)  says  it  will  introduce  its 
first  Verizon-managed  IP  VPN  ser¬ 
vice  in  March.Verizon  is  building 
a  Multi-protocol  Label  Switching 
(MPLS)  network  to  support  a 
See  Verizon,  page  12 


rich,  director-class  switch  that  in 
our  tests  delivered  some  of  the 
best  performance  metrics  we’ve 
ever  recorded. 

In  an  exclusive  Network  World 
product  test,  the  112-port  Multi¬ 
layer  DataCenter  Switch  (MDS) 


■  BY  ELLEN  MESSMER 

REDMOND,  WASH.  —  Microsoft 
is  working  behind  the  scenes 
with  leading  antivirus  software 
vendors  to  improve  the  way  desk¬ 
top  security  software  works  with 
its  next  major  operating  system, 
code-named  Longhorn. 

Under  enormous  pressure  from 
customers,  partners  and  com¬ 
petitors  to  clean  up  its  security 
act,  Microsoft  plans  to  open  up 
Longhorn  through  one  hundred 
or  so  APIs  that  antivirus  software 
developers  could  use  to  get  a 
more  direct  path  into  the  operat¬ 
ing  system  and  applications  run¬ 
ning  on  it.  Longhorn  will  be  only 
client  desktop  software, and  ac¬ 
cording  to  Microsoft,  Longhorn 


9509  demonstrated  wire-speed 
throughput  for  small  and  large 
frames  at  2G  bit/sec  rates. 

The  MDS  9509  also  sports  some 
noteworthy  features,  including 
support  for  virtual  storage-area 
networks  (VSAN),a  Cisco  innova¬ 
tion  that  contributes  to  high  avail¬ 
ability  and  scalability 
This  combination  earned  the 
MDS  9509  our  World  Class  award. 

We  tested  Version  1.0(1)  in  mid- 
December  when  Cisco  released 
gold  code.The  product  will  not  be 
widely  available  until  IBM  starts 
reselling  it  as  part  of  a  deal  the 
two  giants  announced  this  week. 
Management  was  not  only  ex- 


isn’t  expected  out  until  late  2004 
or  early  2005. 

“When  Microsoft  gives  [devel¬ 
opers]  these  APIs,  it  will  be  easier 
to  scan  for  viruses,”  says  Bruce 
Hughes,  content  security  lab 
manager  at  ICSA  Labs,  a  Mechan- 
icsburg, Pa., organization  that  tests 
antivirus  products. 

Those  familiar  with  the  plan  say 
Microsoft’s  effort  to  work  with 


cellent,  but  also  is  supported  on 
the  MDS  9509  at  no  extra  charge. 
Cisco  says  per-port  pricing  will 


antivirus  software  vendors  should 
result  in  products  that  are  less 
prone  to  interfering  with  oper¬ 
ating  systems  and  applications. 

“Antivirus,  for  Microsoft,  is  a  nui¬ 
sance,”  says  John  Pescatore,  a 
security  analyst  at  Gartner,  point¬ 
ing  to  part  of  the  company’s  in¬ 
centive  to  work  more  closely  with 
antivirus  companies. 

See  Microsoft,  page  12 


cost  about  $2,000. 

The  MDS  9509  is  a  modular, 
multislot  chassis  with  two  slots 

■  IBM  lends 
a  shoulder  to 
Cisco's  new 
storage 
switch  plan. 
Page  10. 

blades.  It  is  a  2G  bit/sec  Fibre 
Channel  system,  and  that  is  the 
rate  at  which  we  tested  it.  But  like 
other  Fibre  Channel  switches,  it 
can  autonegotiate  down  to  1G 
bit/sec. 

While  multiple  protocols,  in¬ 
cluding  Fibre  Channel  over  IF,1 

See  Cisco,  page  49 


Cisco  Multilayer  DataCenter  Switch  9509 

Cisco's  first  storage  switch  raises  the  bar 


for  the  switch 
fabric  and  seven 
switching  mod¬ 
ule  slots  that  can 
accommodate 
MDS  series 
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Are  your  employees  happier,  more 

contact  centers 

services.  From  network  assess- 

productive  and  more  accessible? 

In  the  state  of  Avaya,  the  multi- 

ment  and  design  to  integration 

Can  you  sit  like  me?  Kidding.  It’s 

media  contact  center  is  vital  to 

and  implementation,  all  support- 

not  required.  Read  on.  Perhaps 
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ed  by  the  world’s  best  manage- 

there  is  opportunity  for  your 
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Avaya  Global  Services  provides 

get  insightful  reporting  and  analy- 

multi-vendor,  multi-technology 

world  leader  in 
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fixed.  Often,  without  anyone 
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on  your  end  even  knowing 

about  it.  In  the  state  of  Avaya, 

ways  to  bring  voice  over  your  data 
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diagnostics  begin  within  90 

network.  With  one  of  the  strongest 

sets  of  voice  apps  anywhere.  Things 

Over  100  million  voice  mailboxes 
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like  IP  telephony,  extension  to  cel- 

new  level  of  mobile  productivity- 

lular,  and  6-party  conferencing. 

Unified  Communication. 
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want  to  hide  it  in  the  closet.  And 
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communications  company.  The 
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can  service  clients  from  any- 
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that  path  to  IP  telephony.  Avaya 

convergence  of  technologies  that 
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frees  the  spirit  and  cuts  the  cord 

communication.  Avaya.com/state 
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And  that's  just  one  office.  Monitor  and  manage  all  your  storage 

from  a  single  point  with  BrightStor  Portal. 

You're  burning  the  midnight  oil.  So  is  your  storage  network.  And  the  only  things  growing  faster  than  your  storage  needs 
are  your  storage  problems.  The  solution?  BrightStor™  Portal.  A  breakthrough  in  enterprise-wide  storage  software  that  provides 
a  single  point  of  management.  With  a  flexible  portal  interface  that's  easy  to  use,  BrightStor  Portal  gives  you  a  customized  view 
of  your  entire  storage  environment  so  you  can  respond  to  any  issue,  anytime,  anywhere.  In-depth  access  to  business-critical 
information  24  x  7  will  help  you  simplify  operations,  increase  productivity  and  maximize  cost  efficiency  across  your  enterprise. 
Hey,  with  more  and  more  issues  under  control,  you  may  actually  get  to  go  home.  ca.com/brightstor/portal 


BrightStor™  Storage  Solutions 
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IBM  pitches  supercomputing  to  go 

■  Want  supercomputing  power  without  buying  and  running  a 
supercomputer?  Ask  IBM.  Big  Blue  is  offering  customers  access  to 
IBM-managed  supercomputer  clusters  as  part  of  its  corporate 
e-business  on-demand  initiative.The  idea  is  that  customers  will  pay 
for  processing  power  on  an  as-needed  basis,  depending  on  capac¬ 
ity  and  duration  of  use.  The  service  is  aimed  at  industries  such  as 
energy,  life  sciences  and  entertainment  that  require  large-scale 
computing  power,  often  only  in  short  bursts.  The  data  processing 
division  of  Petroleum  Geo-Services  will  be  the  first  company  to  try 
out  IBM’s  supercomputer  on-demand.  It  is  using  the  services  for  a 
computationally  intensive  seismic-imaging  project  in  the  Gulf  of 
Mexico.  To  support  its  new  on-demand  services,  IBM  is  building  a 
grid  of  Unix  servers  running  IBM’s  Power4  processors  and  a  Linux 
cluster  of  rack  servers  based  on  Intel’s  Xeon  processors.  The  first 
IBM  supercomputing  hosting  facility  will  be  in  Poughkeepsie,  N.Y 

Big  Blue  shifts  Zollar  from  Lotus 

■  IBM  is  transferring  A1  Zollar,  general  manager  of  its  Lotus  division  for  the  past  three 
years,  to  head  its  iSeries  server  group.  Ambuj  Goyal, currently  general  manager  of  solutions 
and  strategy  for  the  software  group,  now  will  head  Lotus.  No  date  has  been  set  for  the 
move,  nor  was  any  reason  offered  other  than  that  it  is  IBM  practice  to  regularly  move  exec¬ 
utives  to  new  positions.  Zollar  took  over  for  Jeffrey  Papows  upon  his  arrival  at  Lotus  and 
held  the  positions  of  CEO  and  president  of  what  then  was  Lotus  Development.  Soon  after 
Zollar  took  the  helm,  though, speculation  started  that  IBM  was  going  to  fully  absorb  Lotus, 
which  it  acquired  in  1995  and  allowed  largely  to  run  on  its  own.  Eventually  Zollar’s  title 
was  changed  to  general  manager,  and  IBM  officially  if  quietly,  announced  that  Lotus  was 
being  run  as  a  software  division  of  IBM. 

Management  outsourcing  group  disbands 

■  The  Strategic  Sourcing  Advisory  Council  (SSAC,  formerly  MSP  Association)  recently 
decided  to  cease  operations.The  industry  group  emerged  in  1999  to  develop  standards 
for  outsourced  management  services  and  grew  to  include  more  than  100  high-tech  soft¬ 
ware  and  services  companies. SSAC  Executive  Director  Carolyn  Holden  detailed  in  a  let¬ 
ter  how  economic  distractions  at  member  companies  took  resources  away  from  the 
SSACs  work.  A  consulting  group,  the  MSP  Alliance,  pledged  shortly  after  the  SSAC  an¬ 
nouncement  to  continue  with  its  work  in  outsourced  management  education.  In  2000, 
the  managed  service  provider  market  reached  $172  million,  and  at  that  time,  IDC  pro¬ 
jected  the  market  would  grow  to  $1.1  billion  by  2005.  Audrey  Rasmussen,  an  analyst  at 
Enterprise  Management  Associates,  says  forecasters  assumed  the  MSP  market  “was  a 
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■  Th(  Good  BadTheUgly 


<g>  End  of  the  WorldCom?  For  all  of  you  concerned  that  the 
end  of  WorldCom  could  spell  the  end  of  the  world,  take  comfort  in  these 
words  from  John  Malone,  CEO  of  consultancy  Eastern  Management 
Group:  "It  may  serve  WorldCom's  agenda  for  the  world  to  think  that  it 
can't  possibly  get  along  without  WorldCom.  But  there  is  no  basis  for 
such  a  dire  conclusion." 


The  price  of  spam.  u.s. 

businesses  are  paying  a  hefty  price 
for  spam,  according  to  a  new 
survey  from  Ferris  Research. 

Spam  costs  U.S.  businesses  $8.9 
billion  per  year,  largely  the  result  of  lost 
productivity  and  system/network  upgrades, 
the  survey  says.  > 


©  Storage  sob  stoiy.  One-time  high-flyer  StorageNetworks 
last  week  announced  it  is  cutting  its  workforce  in  half,  to  about  110 
employees.  Initially  a  storage  service  provider,  StorageNetworks  recently 
refocused  on  selling  storage  resource  management  software.  But  the 
company  says  the  tough  economy  and  immaturity  of  its  market  have 
forced  its  latest  move.  Also,  co-founder  Peter  Bell  is  stepping  down  as 
CEO,  although  he  will  continue  as  chairman. 


new  paradigm  that  would  take  over  a  majority  of  IT  management,  when  the  more  rea¬ 
sonable  assumption  was  that  it  would  be  used  selectively  and  as  a  supplement  to  IT.” 


Network-1  board  ditches  GEO,  GF0 

■  The  board  of  directors  of  Network-1  Security  Solutions  last  week  fired  the  company’s 
president  and  CEO  Richard  Kosinski  and  CFO  Murray  Fish  after  each  filed  lawsuits 
against  Network-1  seeking  compensation  and  bonuses  worth  about  $400,000, according 
to  sources  on  the  board.  Network-1,  which  recently  announced  it  would  no  longer  sell 
its  CyberwallPlus  firewall  product  line,  named  an  independent  financial  consultant, 
Edward  James,  as  interim  CEO  and  CFO.  Network-1,  which  says  it  has  sufficient  funds  to 
stay  open  through  2003  with  a  staff  of  fewer  than  a  dozen  employees,  is  actively  seeking 
a  merger  partner. 

Management  vendors  swap  lawsuits 

■  Management  software  vendors  Aprisma  Management  Technologies  and  Smarts  last 
week  filed  lawsuits  against  each  other.  Aprisma  of  Portsmouth,  N.H.,  filed  a  suit  with  the 
U.S.  Federal  Court,  Southern  District  of  New  York,  alleging  that  Smarts  has  been  and  still 
is  infringing  on  five  of  Aprismas  patents  by  making  and  selling  network  products, includ¬ 
ing  its  InCharge  products.  Aprismas  Spectrum  software  competes  with  Smarts’  InCharge. 
Smarts,  of  White  Plains,  N.Y,  also  filed  suit  alleging  the  Aprisma  patents  are  invalid  and 
declared  the  company  has  not  infringed  on  any  valid  and  enforceable  patents. 


*»Man  in  the  know. 

^St . 


move. 


He  anticipates  his  clients'  every  need.  He  expects  the  same.  And  that's  just 

*  Jte; 

what  happened  when  William's  credit  card  company  detected  a  suspicious 
charge.  Since  his  cell  phone  jjs  activated  on  the  network,  the  bank  could  get 


to  him  immediately  with  a  copy  of  the  transaction.  The  charge  was  legit. 
Yep,  he  was  spared  the  hassle  of  his  card  refused  in  front  of  clients  at  the 


clubhouse.  At  Nortel  Networks/"  we  call  this  "the  engaged  business 
model."  And  we  make  it  possible  by  enabling  business  to  engage  their 
customers  through  delivering  critical,  time-sensitive  information  on 
whatever  device  they  prefer.  Before  they  even  know  they  need  it.  So 
businesses  can  win  the  loyalty  necessary  to  build  a  solid  revenue  base. 
Leveraging  solutions  like  contact  centers  and  application-aware 
switching.  Insuring  user  mobility  and  network  continuity.  Accelerating 
productivity  while  lowering  costs.  The  results:  customers  like  William 
become  customers  for  life.  All  delivered  by  our  enterprise  vision.  One 
network.  A  world  of  choice,  nortelnetworks.com/onenetwork 
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Vendors  show  what's  in  store  for  retail 


■  BY  ANN  BEDNARZ 

NEW  YORK  —  When  retailer 
Saks  reported  results  last  fall  that 
beat  Wall  Streets  expectations, 
executives  cited  improved  profit 
margins,  “due  to  carefully  con¬ 
trolled  inventories  and  reduced 
levels  of  clearance  merchandise 
and  promotional  activity 

Behind  the  scenes,  software 
from  Spotlight  Solutions  played  a 
role  in  Saks  gross-margin  gains. 
Spotlight  makes  revenue  opti¬ 
mization  software  that  uses  algo¬ 
rithms  to  crunch  historical  point- 
of-sale  data  and  help  retailers  de¬ 
cide  when  and  how  much  to  dis¬ 
count  their  surplus  merchandise. 

Spotlight  is  one  of  several  ven¬ 
dors  that  will  highlight  new  pric¬ 
ing  and  markdown  software  at 


this  week’s  National  Retail  Fed¬ 
eration  annual  convention  and 
exposition,  which  the  NRF  ex¬ 
pects  will  draw  up  to  15,000  atten¬ 
dees  and  300  exhibitors. 

Demand  for  revenue  optimiza¬ 
tion  software  is  exploding  among 
retailers,  says  Paula  Rosenblum, 
research  director  at  AMR  Re¬ 
search.  The  market  includes  soft¬ 
ware  that  helps  retailers  establish 
a  product’s  base  price;  markdown 
software;  and  promotions  soft¬ 
ware,  which  applies  base-pricing 
guidelines  to  advertised  sales 
merchandise. 

Revenue  optimization  is  a  diffi¬ 
cult  science  with  high  stakes. 
“Some  of  this  math  has  just  gone 
beyond  retailers’  ability  to  do  it 
manually  Rosenblum  says. 

At  the  NRF  show,  Spotlight  will 


demonstrate  a  retooled  product 
line. The  company  is  unveiling  its 
Retail  Advisor  suite,  which  com¬ 
bines  existing  markdown  opti¬ 
mization  software  with  a  new 
module  designed  for  promo¬ 
tional  markdowns. 

Similarly  competitor  KhiMetrics 
is  adding  promotion  features  to 
its  lineup  of  revenue  manage¬ 
ment  components.  Its  new  mod¬ 
ule  provides  product  and  price 
recommendations  to  help  retail¬ 
ers  decide  which  products  to 
promote,  where  and  when  to  pro¬ 
mote  them,  and  which  customers 
to  target.  The  software  also  rec¬ 
ommends  promotional  prices 
and  measures  the  effectiveness  of 
the  campaigns. 

In  general,  retailers  are  showing 
renewed  interest  in  technologies 


POS  possibilities 

Currently 

45% 

of  specialty  retailers 
have  outdated  POS 
systems  that  run  DOS 
or  OS/2.  Upgrading  to 
Windows  NT  or  Java 
could  reduce  cost  of 
ownership  of  POS 
systems  by  50%,  says 
Forrester  Research. 


that  are  aimed  at  improving  their 
stores  —  as  opposed  to  corpo¬ 
rate-focused  technologies  such  as 


Alliance  members  test  ID  mgmt.  spec 


■  BY  JOHN  FONTANA 

After  more  than  a  year  spent  crafting  a  spec¬ 
ification,  the  Liberty  Alliance  Project  now  has 
some  of  the  largest  end-user  companies  in  the 
U.S.  testing  it  to  see  if  Liberty  can  deliver  on 
the  promise  of  a  federated  identity  manage¬ 
ment  system. 

A  founding  member  of  the  alliance,  General 
Motors  is  testing  the  specification  by  incorpo¬ 
rating  it  into  security  software  for  its  employee 
intranet  called  MySocrates.  The  Liberty-ena¬ 
bled  software  gives  users  one  ID  for  accessing 
internal  human  resources  data  and  external 
Web  sites  for  401  (k)  and  health-benefit  ser¬ 
vices.  GM  also  is  evaluating  the 
Liberty  Alliance  specification  as 
the  foundation  for  a  universal 
authentication  service  for  its  net¬ 
work  of  10,000  supplier  partners. 

“We  hope  any  early  successes  will 
galvanize  the  industry  around  iden¬ 
tity  management  and  show  the 
industry  how  it  should  move  for¬ 
ward,"  says  Rich  Taggart,  director  of 
enterprise  architecture  and  IT  stan¬ 
dards  for  GM’s  global  technology 
management  group. 

A  collection  of  the  largest  banks 
in  the  U.S.  is  working  with  consult¬ 
ing  firm  Niteo  Partners,  another 
alliance  member,  to  create  a  net¬ 
work  for  sharing  data  secured  by 
Liberty-based  identity  services.  The 
firm  also  is  working  with  the  Bond 
Market  Association,  a  trade  group 
representing  the  $17  trillion  global 
debt  markets,  to  build  a  Liberty- 
secured  data  portal  this  year  for 
bond  dealers  to  do  everything  from 
find  new  issues  to  resolve  post¬ 
trade  disputes. 


Each  of  these  efforts  is  important  proving 
ground  for  the  150-member  Alliance,  whose 
membership  has  grown  sixfold  since  its  incep¬ 
tion  in  September  2001. The  group  plans  its  2.0 
release  of  the  specification  for  mid-2003, 
which  would  add  a  permission  framework 
that  provides  privacy  controls. 

The  specification,  which  already  has  seen 
support  in  products  from  vendors  such  as 
Entrust,  Novell,  Oblix,  RSA  Security  and  Sun, 
details  how  to  create  a  reusable  user  authenti¬ 
cation  token  for  use  across  Web  sites.  Key  is 
support  for  the  Security  Assertion  Markup 
Language  (SAML),an  XML-based  standard  for 
exchanging  user  identity  information. 


Liberty’s  efforts  are  similar  to  Microsoft’s 
Passport  single-sign-on  service,  which  it  is  try¬ 
ing  to  adapt  for  corporate  use. 

GM  has  deployed  Web  Access  Management 
products,  which  it  declined  to  identify,  that 
support  the  Liberty  specification  as  part  of  its 
MySocrates  intranet. 

“We  see  the  potential  for  enormous  internal 
cost  savings  on  things  like  password  manage¬ 
ment  and  the  help  desk,”  Taggart  says. 

GM  is  asking  vendors  to  detail  plans  for 
support  of  the  Liberty  specification  and 
SAML  in  any  product  pitches  they  make. 

“We  won’t  throw  out  existing  products;  we 
want  them  updated  with  Liberty  and  SAML,” 
Taggart  says. 

Niteo  Partners  hopes  its 
work  can  be  funneled  into 
development  of  the  Liberty 
specification.The  firm  is  build¬ 
ing  a  proof-of-concept  net¬ 
work  with  the  Financial  Ser¬ 
vices  Technology  Consortium 
and  a  group  of  banks  using 
Liberty-based  authentication 
services. 

“We  hope  to  learn  a  lot 
about  interoperability  around 
Liberty  and  SAML,  and  find 
out  if  they  provide  enough 
semantic  information  and 
trust  to  allow  services  to  exe¬ 
cute,"  says  Michael  Versace, 
Niteo’s  national  director  of 
financial  service. 

Versace  says  he  hopes  to 
feed  those  practical  imple¬ 
mentation  lessons  into  the 
Liberty  development  cycle 
to  avoid  the  pitfalls  of  other 
security  services  efforts,  name¬ 
ly  public-key  infrastructure  ■ 


Birth  of  an  alliance 


The  Liberty  Alliance  Project  has  grown  from  30  members  to 
150  in  little  more  than  a  year  and  is  preparing  to  release  the 
2.0  version  of  its  specification  for  federated  identity 
management. 

Michael  Barrett 


September  2001 

Liberty  Alliance  Project, 
led  by  Sun,  forms  with 
30  members  to  offer  an 
alternative  to  Micro¬ 
soft's  Passport  single¬ 
sign-on  technology. 


DOUG  CROUCF 


July  2002 

The  alliance  releases 
its  1.0  specification 
highlighted  by  support 
for  the  Security 
Assertion  Markup 
Language. 

i  i 


September  2002 

Michael  Barrett,  vice 
president  for  Internet 
strategy  at  American 
Express,  elected  presi¬ 
dent  of  the  Liberty 
Alliance  Management 
Board. 


2001 


2002 


2003 


December  2002 

The  1.1  specification  is  released, 
fixing  some  flaws,  and  for  the  first 
time  the  alliance  solicits  public 
comment,  signaling  that  it  plans  to 
act  more  like  a  standards  body  and 
less  like  a  consortium. 


Spring/Summer  2003 

Alliance  target  for  releasing 
Version  2.0  of  the  Liberty  speci¬ 
fication,  which  will  focus  on 
wiring  together  islands  of  users. 


supply-chain  or  financial  soft¬ 
ware  —  Rosenblum  says. One  fac¬ 
tor  has  to  do  with  a  proliferation 
of  aged  POS  gear,  which  retailers 
are  realizing  needs  to  be  mod¬ 
ernized,  she  says. 

Other  store-centric  IT  invest¬ 
ments  that  retailers  are  consider¬ 
ing  include  analytic  software  to 
improve  store  layouts,  and  wire¬ 
less  and  broadband  investments. 

“Retailers  are  paying  attention 
to  the  stores,  and  they’re  paying 
attention  to  customers,”  Rosen¬ 
blum  says. 

Other  exhibitors  with  store-cen¬ 
tric  IT  wares  to  announce  at  the 
NRF  show  include: 

•  SAP  which  will  introduce  Web- 
based  software  for  automating 
labor  scheduling.  With  SAP  Retail 
Workforce  Management,  retailers 
can  centralize  scheduling  for 
multiple  stores,  generate  reports, 
and  integrate  scheduling  soft¬ 
ware  with  back-end  sources  such 
as  payroll  and  human  resources 
systems. 

•  QRS,  which  will  launch  a  suite 
of  consulting  and  data  collection 
services  designed  to  uncover 
store-operation  problems  in  areas 
such  as  pricing,  merchandising 
and  customer  service.  QRS  Retail 
Intelligence  Services  for  General 
Merchandise  and  Apparel  in¬ 
clude  “mystery  shopping”services 
to  evaluate  the  quality  of  cus¬ 
tomer  service  and  merchandise 
availability  and  competitive  price 
audits  to  validate  pricing  in  local 
markets. 

•  Brickstream,  which  will  up¬ 
grade  its  flagship  customer  ana¬ 
lytic  software.  The  software 
makes  sense  of  customers’  shop¬ 
ping  behavior,  which  is  captured 
by  video  cameras  in  stores.  Brick- 
stream  analyzes  the  images  and 
gleans  data  for  sales  and  market¬ 
ing  reports.  Brickstream  Intelli¬ 
gence  Version  2.0  includes  pre¬ 
packaged  analytic  templates 
and  the  ability  to  consolidate 
Brickstream  data  with  other  data 
sources.® 


Correction 


■  The  story  “10  most  power¬ 
ful  companies  in  networking" 
(Dec.  23-30,  page  9)  should 
have  stated  that  in  October,  Dell 
and  EMC  announced  a  jointly 
manufactured  Fibre  Channel 
storage  array. 
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Cisco  enlists  IBM  for  storage  push 


EDITORIAL  DIRECTOR:  JOHN  GALLANT 
EDITOR  IN  CHIEF:  JOHN  DIX 


■  BY  DENI  CONNOR 


ARMONK,  N.Y.  —  IBM  cus¬ 
tomers  will  have  new  choices  for 
storage  gear  as  a  result  of  a  deal 
Big  Blue  inked  with  Cisco  last 
week  to  resell  the  network  giant’s 
recently  announced  Fibre  Chan¬ 
nel  switches. 

Systems  powerhouse  IBM  be¬ 
came  the  first  vendor  to  agree  to 
resell  Cisco’s  MDS  9000  Fibre 
Channel  switches  and  add  them 
to  its  storage-area  network  (SAN) 
bundles,  which  include  different- 
size  switches  from  Brocade,  Mc- 
Data  and  InRange. 

IBM  will  bundle  Cisco’s  MDS 
9000  fabric  and  multiprotocol 
director-level  switches  with  its  En¬ 
terprise  Storage  Server  (ESS), 
FAStT  midrange  disk  arrays  and 
tape  systems/libraries  to  create 
larger  SANs,  and  those  that  incor¬ 
porate  WAN  capability  and  con¬ 
verge  with  IP  networks.  These 
bundles  will  work  with  IBM’s 
pSeries  and  xSeries  servers,  and 
machines  running  HP-UX,  Linux, 
Windows  and  Solaris.  In  addition, 
IBM’s  Tivoli  management  soft¬ 
ware  will  be  used  to  discover  and 
monitor  SANs  consisting  of  IBM 
and  Cisco  gear. 

Analysts  say  IBM’s  integration  of 
Cisco  switches  could  be  attrac¬ 
tive  to  the  latter’s  installed  base. 

“The  biggest  competitive  edge 
Cisco  has  now  has  nothing  really 
to  do  with  product  or  technology 
—  they  have  networking  mind- 
share,”  says  John  Webster,  senior 
analyst  with  Data  Mobility  Group. 
“Cisco’s  short-term  competitive 
edge  lies  in  finding  all  those  loyal 
Cisco  customers  who  have  been 
waiting  on  the  fence  to  jump  into 


Be  a  £|.J 

Know-It-All 

I  THIS  WEEK’S  QUESTION: 


Which  entertainer  is  the 
new  promotional  face  of 
network  equipment 
maker  Avaya? 


Answer  this  & n  nit;  additional  questions 
mine  and  you  could  wn  $500!  Visit 

Nfhrwrk  WtrM  fusm  and  enter  2349 

in  the  Search  box. 
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storage  networking.” 

IBM  recognizes  that  potential. 

“With  the  Cisco  products,  there 
is  additional  opportunity  associat¬ 
ed  with  those  customers  that  want 
to  converge  the  management  and 
administration  of  their  IP  net¬ 
works  with  their  Fibre  Channel 
storage  networks,”  says  Tarek 
Makansi,  director  of  product  strat¬ 
egy  for  storage  products  at  IBM. 

Customers  say  they  agree. 

“I  would  consider  buying  Cisco 
because  we  already  use  their 
equipment  on  the  IP  side  of  the 
house  and  we  could  leverage  the 
common  [command-line  inter¬ 
face],  administrators  and  busi¬ 


ness  relationships  we  have  with 
Cisco,”  says  Ken  Walters,  senior  IS 
director  for  the  Public  Broad¬ 
casting  Service  in  Alexandria,  Va. 
He  uses  Brocade  Silkworm 
switches  in  a  SAN  consisting  of 
IBM  ESS  and  FAStT500  arrays,  and 
HP  Sun  and  Compaq  servers  run¬ 
ning  Windows  2000,  HP-UX  and 
Red  Hat  Linux. 

“It  would  be  nice  to  merge  [our 
IP  and  SAN  staffs]  and  get  some 
economies  of  scale,”  Walters  says. 
“That  is  why  Cisco  entering  this 
market  is  intriguing.” 

The  switches,  which  are  man¬ 
aged  from  a  command-line  inter¬ 
face  similar  to  Cisco’s  IOS,  include 


the  MDS  9509  Multilayer  Director, 
the  Cisco  MDS  9216  Multilayer 
Fabric  Switch  and  associated 
modules  that  Cisco  acquired  in 
August  from  Andiamo  Systems,  a 
Cisco-funded  start-up. IBM  expects 
bundles  to  be  available  by  the 
end  of  this  quarter,  after  it  com¬ 
pletes  interoperability  testing. 

IBM  Systems  Group  Mice  Presi¬ 
dent  Roland  Hagan  says  the  deal 
will  open  up  a  new  customer  set 
that  includes  telecom  customers 
and  those  interested  in  converg¬ 
ing  Fibre  Channel  and  IP  SANs. 

Analysts,  however,  say  Cisco’s 
success  in  storage  will  not  rely 
totally  on  customer  perception, 
but  on  the  partnerships  Cisco 
builds  with  other  vendors. 

“Without  major  storage  part¬ 
ners,  the  MDS  9000  product  line 
would  be  DOA,”  says  Charles 
King,  senior  analyst  with  Sageza. 
“Since  EMC  is  also  in  the  process 
of  qualifying  the  MDS  9000,  we’ll 
see  another  [announcement] 
similar  to  this  one  when  those 
tests  are  completed.” 

HP  and  EMC  say  they  will  resell 
the  Cisco  switches  along  with 
other  vendors’  Fibre  Channel 
products.  ■ 


Rivalry  doesn’t  rankle  Cisco,  3Com 


■  BY  PHIL  HOCHMUTH 

Who’s  afraid  of  Dell?  “Not  us,”  say  the  leading  net¬ 
work  switch  vendors. 

But  neither  are  they  standing  pat  as  Dell  goes  after 
the  network  market  using  the  same  sort  of  aggressive 
pricing  and  manufacturing  strategies  that  earned  it 
success  in  PCs  and  servers. 

3Com  and  Linksys  are  readying  boxes  that  add  im¬ 
proved  security  and  manageability  on  top  of  basic 
Layer  2  and  Layer  3  packet  switching. 

Meanwhile,  Cisco  said  last  week  it  will  not  let  Dell 
walk  in  and  eat  its  lunch  in  the  low-end  switch  mar¬ 
ket  (see  story  page  15). 

This  week,  3Com  will  release  security  enhance¬ 
ments  to  its  SuperStack  3  Switch  3300  and  4400  Eth¬ 
ernet  products,  which  compete  with  Dell’s  Power- 
Connect  LAN  products. 3Com  is  adding  802. lx  and 
Remote  Authentication  Dial-In  User  Service  sup¬ 
port,  which  lets  administrators  secure  connections 
by  requiring  end  users  to  log  in  to  a  physical  LAN 
port. The  company  also  has  added  VPN  support  to 
its  SuperStack  Firewall.The  enhanced  SuperStack  3 
Switch  3300  and  4400  switches,  which  come  with 
24  or  48  10/100M  bit/sec  ports  and  dual  Gigabit 
Ethernet  uplinks,  start  at  $1,300  and  $  1 ,000,  respec¬ 
tively.  The  firewall  costs  $4,000. 

Linksys, best  known  for  its  consumer  network  pro¬ 
ducts,  last  week  also  said  it  can  go  toe  to  toe  with 
Dell  in  the  small  to  midsize  market.  It  released  a  24- 
port  10/100M  bit/sec  Ethernet  switch  with  SNMP 


management  and  Gigabit  Ethernet  uplinks  for 
$500. 

Dell  was  on  the  minds  of  Cisco  and  3Com  execu¬ 
tives  at  a  Morgan  Stanley  conference  in  Arizona 
last  week,  where  the  stackable  switch  leaders 
downplayed  Dell’s  entrance  to  their  market.  Cisco 
CEO  John  Chambers  said  his  company  would  not 
surrender  the  low  end  of  the  switch  market  — 
which  it  leads  —  to  newcomers,  such  as  Dell.  He 
added  that  his  company’s  gear  offers  more  features 
and  comes  with  better  service  than  its  competitors 
at  the  low  end  of  the  market. 

At  the  conference,  3Com  CFO  Mark  Slaven  said 
that  while  Dell’s  LAN  gear  might  be  attractive  on 
price  —  Dell’s  switches  cost  45%  less  per  port  than 
Cisco  and  10%  than  3Com  in  2002,  according  to 
Synergy  Research  Group  —  it  has  a  long  way  to  go 
to  be  a  real  threat  in  network  gear. 

Users  of  3Com  and  Cisco  stackable  products  say 
they  are  satisfied  with  their  respective  vendors  — 
for  now.  But  because  cost  often  beats  out  loyalty  at 
the  lower  end  of  the  switch  market,  these  cus¬ 
tomers  say  Dell  and  other  low-cost  vendors  are 
always  on  their  short  lists. 

“I  like  to  leave  the  door  open  in  terms  of  interop¬ 
erability.  If  the  Dell  equipment  is  flexible  in  that 
regards,  I’d  take  a  look  at  it,”  says  Lyndon  Easley, 
senior  network  engineer  for  Kinko’s,  which  uses 
3Com  switches  in  its  corporate  offices  in  Dallas 
and  Ventura,  Calif., and  has  not  yet  worked  with  the 
Dell  gear.  ■ 
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It’s  all  the 
computers  you  need. 

Introducing  one  computer  that  works  like  more 
than  one:  the  Compaq  Tablet  PC.  Connect 
it  to  its  optional  dock  and  it’s  a  desktop.  Attach 
the  included  keyboard  and  it’s  ready  to  go  as 
a  laptop.  Or  write  right  on  the  screen  and  you  can 
create  editable  documents  without  a  keyboard 
at  all. To  find  out  how  $1,699*  can  get  you  the 
computer  that  adapts  to  your  work  environment,  call 
l-800-888-8129orvisitwww.compaq.com/tabletpc/ad. 

When  it  really  matters,  choose  Compaq. 
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Operation  antivirus 

Microsoft’s  next  version  of  its  desktop  operating 
system  will  include  antivirus  APIs. 

Possible  benefits  I  Possible  pitfalls 

•  More  eff  icient  scanning  of  the  •  Could  open  new  security 

operating  system  and  files.  holes  inadvertantly. 

•  Less  intensive  use  of  system  •  Independence  of  antivirus 

resources.  software  industry  withers 

•  Easier  updating  of  virus  under  Microsoft  control, 

signatures. 


Microsoft 

continued  from  page  1 

The  availability  of  the  APIs 
also  should  make  for  a  de  facto 
standardization  of  desktop 
antivirus  software,  making  it 
easier  for  more  companies  to 
get  into  the  $1.7  billion 
antivirus  market,  now  the  terri¬ 
tory  of  vendors  such  as 
Network  Associates,  Symantec 
and  Trend  Micro.  If  the  effort 
works  out,  observers  say,  it 
could  pave  the  way  for  similar 
Microsoft  projects  involving 
intrusion-detection  and  other 
security  technologies. 

Sources  say  there  is  no  evi¬ 
dence  yet  that  Microsoft’s  APIs 
will  help  vendors  looking  to  de¬ 
sign  better  tools  for  cleaning  up 
after  a  virus  strikes  computers. 

Microsoft,  which  already  has 
provided  server-based  antivirus 
APIs  for  its  Exchange  messaging 
server,  acknowledged  the  Long¬ 
horn  plan  for  desktop  antivirus 
APIs,  but  declined  to  discuss  it 
further. 


Enthusiastic  following 

Antivirus  vendors  say  they  are 
enthusiastic  about  Microsoft’s 
effort.  While  there  always  is  con¬ 
cern  about  Microsoft  taking  too 
much  control  of  a  market,  Micro¬ 
soft’s  leadership  is  required  in  this 
area  given  the  prevalence  of  its 
desktop  software,  they  say 

Some  antivirus  companies  al¬ 
ready  have  had  a  preview  of  the 
potential  benefits  of  APIs  by  using 
the  server-based  antivirus  APIs 
that  Microsoft  makes  available  for 
its  Exchange  messaging  server. 

Trend  Micro,  for  instance,  has 
used  Microsoft’s  VSAPI  2.0  for 
Exchange  to  better  design  its 
ScanMail  product  to  block  mail- 
based  viruses,  says  Kevin  Murray, 
Trend  Micro’s  product  marketing 
manager  for  messaging.  Desktop 
antivirus  APIs  are  where  the 
industry  is  headed,  says  Murray 
who  predicts  the  change  will 
result  in  antivirus  software  that’s 
“a  lot  less  intensive  on  system 
resources.” 

It  could  lead  to  antivirus  soft¬ 
ware  vendors  no  longer  having  to 


store  thousands  of  signature 
updates  —  the  information  used 
to  identify  new  viruses  —  on 
desktops.  Instead,  a  central  server 
could  remotely  scan  desktops 
periodically 

The  APIs  also  might  help  ven¬ 
dors  develop  new  services,  such 
as  charging  a  fee  per  signature 
update  or  scan,  Pescatore  says. 

Another  result  of  Microsoft’s  ef¬ 
fort  could  be  a  further  commodi¬ 
tization  of  antivirus  software. 

“As  long  as  Windows  users  are 
still  afforded  the  choice  of  which 


antivirus  plug-in  they  wish  to 
license,  this  is  an  expected  evo¬ 
lution  for  pure  antivirus  technol¬ 
ogy]’ says  Ian  Hameroff,  a  director 
at  eTrust  Security  Solutions, 
which  sells  antivirus  and  other 
security  products.”  [It  is]  moving 
into  the  realm  of  where  TCP/IP 
stacks  and  Web  browsers  are 
today  —  a  part  of  the  underlying 
services  found  on  standard 
workstations.” 

Chris  Wraight,  technology  con¬ 
sultant  to  antivirus  software  ven¬ 
dor  Sophos,  says  the  downside 


for  those  vendors  that  felt  they 
had  a  technological  advantage  is 
that  the  effort  somewhat  levels 
the  playing  field. 

“It  makes  it  more  incumbent 
on  antivirus  vendors  to  distin¬ 
guish  themselves  with  what  they 
would  do  once  the  APIs  give 
them  the  file  to  scan,”  he  says. 

Network  executives  say  they 
are  happy  to  see  Microsoft  work¬ 
ing  with  others  to  ensure  that 
antivirus  products  work  better 
with  Windows.  But  at  the  same 
time,  they  continue  to  question 
Microsoft’s  security  expertise. 

“What  scares  me  is  all  these  vi¬ 
ruses  written  for  attack  on  Micro¬ 
soft  vulnerabilities,”  says  Thomas 
Wagenhauser,  IT  manager  at  Har¬ 
lan  Bakeries  in  Avon  Ill.  “I’m  not 
comfortable  relying  on  Microsoft 
for  antivirus  security 
Such  thinking  helps  to  explain 
why  Microsoft  has  not  aggres¬ 
sively  pursued  a  takeover  of  the 
antivirus  business,  analysts  say  ■ 
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Who’s  offering  what 


Here  are  the  managed  services  each  RBOC  is  or  plans 
to  offer. 


Provider 

Site-to-site 

Network-based 

BellSouth 

Offers  in-region  and  can 
connect  out  of  region. 

Will  launch  an  in-region 
MPLS-based  service  in 
March. 

Qwest 

Offers  out-of-region  and 
in  some  in-region  states. 

Offers  a  national 
network-based  VPN 
service  that  doesn’t  rely 
on  MPLS. 

Verizon 

Will  launch  site-to-site 
in  June. 

Will  launch  an  MPLS- 
based  service  in  the  fall. 

SBC 

Offers  site-to-site 
service. 

Will  roll  out  an  MPLS- 
based  service  this  year. 

Verizon 

continued  from  page  1 

handful  of  fully  meshed  VPN 
offerings  that  include  IP- 
enabled  frame  relay  and  ATM 
services. 

Verizon  is  expected  to  an¬ 
nounce  a  fully  managed  site- 
to-site  IP  Security  (IPSec)  VPN 
in  March  that  will  let  users 
transmit  corporate  data  over 
the  Internet  using  secure  tun¬ 
nels,  says  Tom  Roche,  director 
of  offer  management.  The  site- 
to-site  IPSec  service  includes 
customer  premises  equipment 
deployed  at  each  site  that’s 
connected  to  the  VPN. 

Verizon  will  use  Nortel’s 
Contivity  and  Cisco’s  3000-series  devices  to 
support  the  service  that  will  be  managed 
from  Verizon’s  network  operating  centers  in 
Frazier,  Pa., and  Austin, Texas. 

The  service,  which  Verizon  is  promising 
by  June,  will  offer  customers  three  service 
classes  with  performance  guarantees. 
Verizon  says  it’s  still  working  out  the  details 
of  its  service-level  agreements. 

This  service  description  might  sound 
familiar  to  Verizon  customers.  It  essentially 
describes  the  VPN  Advantage  service  that 
Verizon  resells  today.  But  VPN  Advantage  is 
a  Genuity  service  that  is  managed  by  the 
ISP  and  runs  over  Genuity’s  network. 

“Many  of  our  customers  are  happy  with 
Genuity’s  service,  but  they  are  also  looking 
for  a  more  flexible  offer  in  terms  of  man¬ 
agement,"  Roche  says. 

Verizon  has  been  moving  away  from 
Genuity  since  2002  when  it  became  clear 


the  ISP  might  not  recover  from  its  financial 
woes.  Verizon  officially  severed  financial 
ties  to  Genuity  in  July. 

In  November,  Verizon  also  launched  its 
long-distance  Enterprise  Advantage  initia¬ 
tive,  which  has  accelerated  Verizon’s  move 
away  from  Genuity.  At  that  time  the  LEC 
said  it  would  launch  services  to  customers 
in  the  Northeast  in  the  first  quarter  of  2003 
and  roll  out  nationally  to  56  markets  over 
the  next  two  years 

While  Verizon’s  IP  network  spans  coast  to 
coast,  it’s  not  a  true  national  backbone  be¬ 
cause  it  misses  significant  portions  of  the 
map,  which  is  why  Verizon  also  is  partner¬ 
ing  with  Sprint.  About  a  month  ago, Verizon 
quietly  inked  a  deal  with  Sprint  to  use  its  IP 
network  to  support  customers  in  areas 
where  its  own  IP  network  will  not  reach, 
says  Jason  Summers,  director  of  advanced 
network  services  at  Verizon. 


Verizon  also  is  in  the  pro¬ 
cess  of  building  an  MPLS  net¬ 
work  over  its  own  IP  network. 
The  LEC  is  testing  many 
MPLS  switches  that  support 
the  IETFs  RFC  2547. 

This  specification  lets  the 
LEC  support  VPN  services  at 
Layer  3  by  dedicating  paths 
over  its  network  for  individual 
customers.  These  services 
usually  are  called  network- 
based  VPNs.  Each  user’s  rout¬ 
ing  tables  are  stored  on  the 
switches  throughout  Verizon’s 
network  using  Border  Gate¬ 
way  Protocol. 

The  benefit  of  RFC  2547  is 
that  it’s  transparent  to  cus¬ 
tomers,  who  can  interconnect 
IP  and  frame  relay  networks  at  Layer  3,  says 
Jennifer  Rosales,  a  group  manager  at 
Verizon.  The  specification  is  more  scalable 
because  customer  routing  tables  are  stored 
on  MPLS  switches  in  the  network  that  can 
be  updated  at  the  same  time  from  a  Verizon 
network  operations  center,  as  opposed  to 
updating  individual  devices  on  a  site-to-site 
VPN  that  might  not  be  as  accessible. 

Verizon’s  MPLS  services  are  expected  to 
roll  out  in  a  few  cities  in  August  or  Septem¬ 
ber,  with  networkwide  support  later  in  the 
year,  Summers  says. 

Verizon  initially  might  have  a  hard  time 
winning  over  customers  who  want  to  fully 
outsource  their  IP  VPN,  says  Lisa  Pierce,  an 
analyst  at  Giga  Information  Group.  While  it 
has  offered  a  variety  of  router,  server  and 
application  management 
services  for  some  time,  this 
is  Verizon’s  first  foray  into 


fully  managing  IPVPNs.Verizon“has  little  IP 
VPN  expertise,”  she  says.  Fortune  1000  cus¬ 
tomers  likely  will  not  switch  from  a  long¬ 
time  IP  service  provider  to  Verizon,  but 
instead  might  use  them  for  backup  initially 
she  says. 

And  some  firms  will  continue  to  run  their 
own  VPNs,  unless  given  compelling  finan¬ 
cial  incentive  to  switch. 

Paul  Ladd,  director  of  MIS  at  Suffolk 
University  in  Boston,  says  he  recently 
decided  to  run  his  own  VPN  rather  than 
outsource,  because  of  the  cost. 

“It  seemed  more  cost-effective  to  do  our 
own,  and  we  already  manage  our  own 
network,”  he  says.“When  I  looked  at  having 
third  parties  provide  a  VPN,  it’s  an  ongoing 
cost  every  month,  and  over  time  I  felt  buy¬ 
ing  our  own  platform  and  doing  it  our¬ 
selves  presented  significant  potential 
savings.” 

Verizon  isn’t  the  first  LEC  to  pitch  this  type 
of  service.  Qwest,  the  only  LEC  to  operate 
its  own  national  IP  network,  has  offered 
site-to-site  and  network-based  VPNs  for 
years.  SBC  and  BellSouth  offer  site-to-site 
VPN  services  with  MPLS  VPN  services 
planned  for  this  year. 

While  MPLS  will  work  over  a  one  carrier’s 
network,  getting  it  to  run  across  a  partner’s 
network  out  of  region  isn’t  easy,  says  Roddy 
Tranum,  director  of  product  management 
for  VPN  and  security  with  BellSouth. 

“MPLS  doesn’t  have  a  great  deal  of  effec¬ 
tiveness  across  a  network-tonetwork  inter¬ 
face  [NNI],"he  says.“That’s  something  we’ll 
look  at  this  year.  We  want  to  see  whether  we 
can  partner  and  do  MPLS  NNIs.or  whether 
we  should  stick  to  connect¬ 
ing  at  the  Layer  2  level  out  of 
region."  ■ 


Get  more  Mfbnutiea  inline. 
DocFinder:  3841 

www.nvfuuM.cem 


Want  to  cut  your  IT  costs  without  sacrificing 
performance?  PRIMEPOWER  Servers  from  Fujitsu. 


The  secret  is  out.  PRIMEPOWER™  Solaris™- compatible 
;  §8  I  servers  from  Fujitsu®  deliver  a  major  breakthrough  in 

!l'|  IS  I  price/performance  compared  to  our  more  famous 
||i  J§|  I  competition.  Want  proof?  PRIMEPOWER  servers  offer 
such  an  advantage  that  the  world’s  leading  com¬ 
panies  use  them  to  boost  their  performance.  And  there’s  a 
PRIMEPOWER  server  that’s  right  for  any  application  you  need  — 
from  single  CPU,  rack-mounted  servers  to  enterprise-ready 
systems  that  scale  to  1 28  CPUs  for  unsurpassed  performance  in 
the  data  center. 


Of  course,  it’s  not  just  the  hardware  you’re  buying.  It’s  also 
Fujitsu’s  30+  years  of  experience  supporting  high-perform¬ 
ance,  mission-critical  systems.  We’ve  already  helped  many 
companies  consolidate  their  IT  infrastructures  and  lower  their 
Total  Cost  of  Ownership.  Our  free  white  paper,  The  Why  and 
How  of  Server  Consolidation,  explains  how.  Get  your  copy  at 
www.ftsi.fujitsu.com/ad.  Or  call  (877)  905-3644. 
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continued  from  page  1 

While  IBM’s  software  group  isn’t  the  company’s  largest 
revenue  producer  —  in  the  first  nine  months  of  last  year, 
Global  Services  took  in  45%  of  IBM’s  total  revenue, the  hard¬ 
ware  division  34%,  and  software  group  16%  —  it’s  a  major 
profit  engine.  In  the  same  time  period,  the  software  group 
contributed  more  to  IBM’s  total  profit  (37%)  than  Global 
Services  (32%)  and  the  company’s  hardware  division 
(23%). 

With  software  profits  on  the  rise,  IBM  is  gunning  for  a  vari¬ 
ety  of  markets.  It’s  pitching  money  consulting  and  sales  re¬ 
sources  at  its  software  suite  and  battling  Microsoft  for  cor¬ 
porate  customers;  the  two  vendors  arguably  are  alone  in 
offering  a  full  complement  of  development  tools,  messag¬ 
ing  and  collaboration  servers,  databases,  and  man¬ 
agement  and  security  products.  (See  Part  1  of  this 
series,  www.nwfusion,  DocFinder:  3827.) 

In  many  of  the  software  markets  in  which  it  com¬ 
petes,  IBM  steadfastly  is  increasing  its  share  of  new 
business,  at  the  expense  of  a  slew  of  other  vendors. 

IBM’s  WebSphere  Application  Server  is  neck-and- 
neck  with  BEA  Systems’  WebLogic  for  the  lead  in 
application-server  market  share.  IBM’s  DB2  took  the 
top  market-share  position  away  from  longtime 
leader  Oracle’s  database  product  in  2001.  And  its 
Tivoli  brand  is  among  the  top  three  network  man¬ 
agement  software  suites  and  a  front-runner  in  secu¬ 
rity  management  software. 

Of  course,  there’s  still  work  to  be  done.  After  an 
acquisition-active  2002  in  which  it  shelled  out  bil¬ 
lions  of  dollars  for  software  companies,  including 
Access360,  Holosofx,  MetaMerge,  TrelliSoft  and 
Rational  Software,  IBM  needs  to  digest  its  infrastruc¬ 
ture  additions  and  work  to  integrate  its  newly 
acquired  technologies. 

In  addition,  IBM’s  $13  billion  software  group  has  a 
new  territorial  focus:  midsize  customers. 

While  IBM  is  a  natural  fit  with  large  corporations 
buying  IT  wares,  it  is  trying  to  extend  its  customer 
range  to  include  midsize  companies  with  100  to  999 
employees.There’s  a  $15  billion  middleware  market 
opportunity  among  400,000  such  midsize  compa¬ 
nies,  IBM  says.  That  compares  with  an  $11  billion 
opportunity  among  30,000  large  companies  with 
1 ,000-plus  employees. 

IBM’s  midmarket  plans  center  on  a  growing  num¬ 
ber  of  independent  software  vendors  and  partners 
that  will  embed, install  and  resell  IBM  software  products.To 
help  these  channel  partners  reach  customers,  IBM  is 
investing  $1  billion  in  partnering  and  alliance  strategies, 
the  company  says. 

In  addition,  the  software  group  last  fall  unveiled  scaled- 
down  versions  of  its  application  server,  database,  portal 
and  integration  software  designed  and  priced  for  midsize 
consumption. 

“IBM  has  been  trying  to  move  downscale  for  years  and 
years,”  says  Frank  Dzubeck,  president  of  Communications 
Network  Architects.  “They  have  finally  figured  out  some 
ways  to  do  this.” 

It’s  not  a  surefire  campaign,  but  IBM’s  midmarket  maneu¬ 
vering  has  some  strong  resources  behind  it. 

One  weapon  is  Steve  Mills,  IBM  senior  vice  president  and 
head  of  the  software  division.  Mills  helped  execute  IBM’s 
multiyear  software  makeover  and  has  been  laying  the 
groundwork  for  a  midmarket  assault. 

First,  he  tightened  ranks.  Mills  unified  IBM’s  application 
server,  portal,  MQ  Series  integration  broker  and  Cross- 
Worlds  integration  software  under  the  WebSphere  brand. 
He  pulled  Lotus  and  Tivoli  —  both  of  which  enjoyed  rela¬ 
tive  autonomy  after  their  respective  acquisitions  —  into 
the  fold.  He  plans  to  do  the  same  with  application  devel¬ 


opment  toolmaker  Rational,  which  IBM  announced  plans 
to  acquire  in  December. 

“The  organizational  structure  is  identical  for  all  my  units 
as  far  as  the  way  we  structure  marketing,  development  and 
sales,"  Mills  says.“We  don’t  have  subsidiaries. We  don’t  have 
independent  units. We  have  interdependent  units.” 

Having  tightened  the  group  operationally  Mills  set  out  to 
unify  IBM’s  software  resources  at  a  code  level.  He’s  driving 
the  software  brands  to  develop  more  modular,  reusable 
components.  By  shifting  product  development  practices  to 
take  advantage  of  modular  components  that  can  be 
shared  across  IBM  software  lines,  product  teams  can  re¬ 
duce  coding  efforts  by  80%  and  get  new  products  to  mar¬ 
ket  twice  as  fast,  Mills  says. 

Software  teams  today  are  obligated  to  work  with  their 
peers  to  develop  common  platform  architectures,  Mills 


says.They  don’t  have  the  ability  to  go  off  and  do  indepen¬ 
dent  architectures  or  things  that  are  not  part  of  the  broad¬ 
er  architectural  structure  that  we  have  laid  out,”  he  says. 

Mills  also  has  used  IBM’s  buying  power  to  fill  in  gaps  in 
its  middleware  stack.  The  CrossWorlds  acquisition,  com¬ 
pleted  early  last  year,  added  business  process  management 
tools.  Access360,  which  tackles  identity  management  and 
access  rights  provisioning,  and  MetaMerge,  a  directory 
technology  vendor,  fill  out  the  Tivoli  line. 

With  the  pending  Rational  acquisition  —  a  $2.1  billion 
deal  —  IBM  will  have  what  it  needs  to  become  a  single 
source  for  building,  deploying  and  managing  business 
applications.  Mills  says  the  Rational  purchase  completes 
the  middleware  puzzle,  which  he’s  content  to  limit  to  five 
brands:  WebSphere,  DB2, Tivoli,  Lotus  and  Rational. 

The  naysayers 

Despite  IBM’s  efforts,  not  everyone  is  convinced  IBM’s 
midmarket  tack  will  work.  With  its  history  of  solving  the 
most  complex  technology  challenges,  IBM  won’t  find  it 
easy  to  move  downstream, some  analysts  say 

IBM  is  a  large-customer  company  with  a 
services  bent,  whereas  midsize  customers 
are  looking  for  turnkey  solutions,  says 


Joshua  Greenbaum,  principal  at  Enterprise  Applications 
Consulting.“For  the  company  that  wants  to  build  solutions, 
IBM  is  a  very,  very  good  provider.They  have  what  it  takes  to 
build  very  complex  solutions.  It’s  just  not  what  the  mid¬ 
market  is  looking  foF 

Eric  Austvold,  research  director  at  AMR  Research, agrees. 
What  IBM  does  well  is  tackle  the  most  complex  techno¬ 
logical  challenges  in  a  corporation  —  which  is  great  for 
the  world’s  largest  bank  or  online  marketplace,  Austvold 
says.  But  he  questions  whether  IBM  can  translate  that  com¬ 
plexity  and  sophistication  into  something  that’s  manage¬ 
able  for  midmarket  businesses.“If  I’m  a  CIO  at  the  highest- 
level  organization  and  I’ve  got  5,000  people  working  for 
me, I  use  IBM. If  I’m  a  CIO  at  a  mid-market  organization  and 
I’ve  got  five  people  working  for  me,  it’s  a  whole  different 
ballgame,”  he  says. 

Vendors  such  as  Oracle,  SAP  and  PeopleSoft  also 
have  targeted  midsize  opportunities,  but  all  still  are 
weighted  too  heavily  toward  big  sales  to  effectively 
sell  to  midsize  customers,  Greenbaum  says. 

Observers  say  IBM  also  faces  a  monumental  task  of 
integrating  all  its  new  and  old  software. 

But  Mills  says  IBM  has  made  strides  in  integrating 
its  software  stack  and  using  common  code  wher¬ 
ever  possible  to  reduce  complexity.  As  an  example, 
Mills  cites  Tivoli  network  management  software, 
which  today  incorporates  key  WebSphere  ele¬ 
ments,  includes  a  DB2  database  and  uses  the  same 
Java  and  XML  programming  tools  that  the  rest  of 
IBM’s  middleware  stack  uses.  IBM  is  moving  the 
Lotus  portfolio  in  that  direction,  too.  Mills  says. 

In  addition,  IBM  stresses  that  its  efforts  to  share 
software  code  among  product  lines  are  not  an 
attempt  to  lock  users  into  an  all-IBM  portfolio,  but 
analysts  point  out  the  strategy  will  give  IBM  an 
advantage. 

Jean-Pierre  Garbani,  a  research  director  with  Giga 
Information  Group,  says  the  hooks  between 
WebSphere,  DB2  and  Tivoli  remind  him  of  the  old 
IBM  and  SNA  times.’The  cooperation  means  that  the 
best  product  to  manage  IBM  software  is  a  Tivoli  solu¬ 
tion,”  he  says. 

This  advantage  will  become  more  apparent  as  IBM 
refines  its  data  center  infrastructure,  Garbani  says. 
The  best  way  to  manage  an  IBM-centric  data  center 
will  be  with  Tivoli  products,  because  Tivoli  will  have 
access  to  advanced  IBM  server  features  months 
before  any  other  management  vendor,  he  says. 

The  next  front  for  Mills  and  IBM’s  software  group 
is  autonomic  computing  —  a  corporatewide  initiative  at 
IBM  to  build  systems  that  can  monitor,  manage  and  heal 
themselves. 

It’s  not  a  new  concept.  IBM  has  built  autonomic  features 
into  satellites,  space  shuttles,  mainframe  computers  and 
carriers’  central  office  equipment  for  many  years,  but 
autonomic  computing  never  has  been  implemented  on 
a  grand  scale. “Nor  has  it  ever  been  implemented  in  the 
software  space,”  Dzubeck  says. 

Analysts  estimate  the  company  spends  more  than 
$500  million  per  year  on  autonomic  computing  devel¬ 
opment.  Autonomies  is  key  to  two  other  IBM  initiatives: 
grid  computing,  whereby  surplus  computing  power  and 
other  spare  IT  resources  is  harvested,  and  e-business  on- 
demand,  which  calls  for  the  delivery  of  computing 
resources  on  an  as-needed  basis,  much  like  electricity 
or  water. 

There’s  plenty  of  money  behind  the  effort:  IBM  CEO 
Sam  Palmisano  said  in  October  that  e-business  on 
demand  is  the  next  wave  in  computing  and  IBM  is  com¬ 
mitting  $10  billion  in  research  and  development,  acquisi¬ 
tion  and  marketing  funds  to  its  realization. 

Now  it  remains  for  the  software  group  to  do 
what  it  can  to  deliver  on  Palmisano’s  vision.  ■ 
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■  ACCESS  DEVICES  ■  CLIENTS 

■  SERVERS  ■  OPERATING  SYSTEMS 

■  VPNS  ■  NETWORKED  STORAGE 


■Takes 

■  SGI  last  week  introduced  a  family 
of  servers  and  clustering  software 
suited  for  technical  computing  envi¬ 
ronments.  The  Altlx  3000  family  con¬ 
sists  of  servers  that  use  Intel  Itanium 
2  processors  and  the  Linux  operating 
system.  The  company  also  introduced 
superclusters,  sets  of  up  to  64  Itanium 
2  processors  with  up  to  512G  bytes  of 
RAM  that  run  a  single  Linux  operating 
system.  The  superclusters  use  a  pro¬ 
prietary  clustering  technology  called 
NUMAIink,  which  makes  use  of  the 
Non-Uniform  Memory  Architecture 
used  in  SGI's  Origin  servers  to  tie 
boxes  together.  An  entry-level  four- 
processor  Altix  3000  server  starts  at 
$70,180  and  is  expected  to  be  avail¬ 
able  this  quarter.  A  64-processor  Altix 
3000  starts  at  more  than  $1.1  million. 
www.sgi.com 

■  Polywell  Computers  is  selling  a 
rack  server  with  dual  Opteron  proces¬ 
sors  from  Advanced  Micro  Devices 
on  its  Web  site.  The  PolyRaxx  server 
is  a  1U  box  with  two  64-bit  Opteron 
processors.  It  is  based  on  the  AMD- 
8000  chipset,  which  uses  HyperTrans- 
port  interconnect  technology  in  a 
PCI-X  bridge,  an  I/O  hub  and  an  AGP 
3.0  graphics  tunnel.  HyperTransport  is 
an  interconnect  technology  used  to 
move  data  at  speeds  up  to  12.8G 
byte/sec  between  integrated  circuits 
on  a  processor.  Dual  gigabit  Ethernet 
ports  connect  the  server  to  a  compa¬ 
ny’s  internal  network.  Several  operat¬ 
ing  systems  will  be  offered  with  the 
server,  including  Microsoft's  Windows 
2000  Server,  .Net  Server  and  the  64-bit 
beta  version  of  .Net  Server.  A  32-bit 
Linux  operating  system  from  Red  Hat 
and  a  64-bit  beta  version  from  SuSE 
Linux  AG  also  will  be  available.  AMD’s 
Hammer  architecture,  which  is  the 
backbone  of  the  Opteron  processor, 
lets  users  run  32-  and  64-bit  applica¬ 
tions  and  operating  systems  designed 
for  the  x86  instruction  set  on  the 
same  chip.  The  PolyRaxx  server  will 
compete  against  servers  with  Intel's 
32-bit  Xeon  processor.  The  clock 
speed  of  the  new  chips  and  price  of 
the  server  still  are  not  set. 
www.polywell.com 


VPN  software  is  not  created  equal 

Advanced  features  require  advanced  corporate  network  planning. 


■  BY  TIM  GREENE 

With  IP  Security  VPNs  established  as  a 
preferred  method  of  remote  access,  busi¬ 
nesses  now  must  weigh  an  array  of 
options  that  can  make  deploying  and 
managing  these  VPNs  less  daunting. 

Optional  features  range  from  automatic 
installation  ofVPN  client  software  to  policy 
checkers  that  deny  VPN  access  if  personal 
firewalls  aren’t  turned  on  and  configured 
properly  The  features  differ  among  VPN 
client  software,  so  customers  have  to  shop 
carefully 

Remote-access  VPNs  call  for  single  PCs 
and  laptops  to  connect  to  the  Internet 
and  establish  a  VPN  tunnel  with  centrally 
located  VPN  concentrators,  an  architec¬ 
ture  that  presents  two  main  challenges: 
first,  how  to  distribute  and  manage  soft¬ 
ware  on  a  large  numbers  of  remote  ma¬ 
chines  with  minimal  manpower;  second, 
how  to  ensure  that  these  machines  don’t 


threaten  the  security  of  the  corporate 
network. 

In  the  early  days  of  VPNs,  these  clients 
weren’t  deployed  in  large  enough  numbers 
to  make  distributing  and  updating  them  a 
problem.  But  today  for  large,  remote-access 
VPN  deployments,  automated  distribution 
and  configuration  tools  are  a  must,  says 
Larry  Bolick,  CIO  of  Aquent,  a  Boston  IT 
consulting  firm  that  uses  Nortel  Contivity 
VPN  equipment.  Otherwise,  updates  and 
policy  changes  would  become  too 
unwieldy  to  handle,  he  says. 

Most  vendors  have  solved  the  problem 
with  downloadable  software  that  installs 
itself  so  end  users  can  handle  it  without  IT 
assistance. “The  help  desk  gives  them  the 
password  to  install,  and  after  that,  it’s  all 
silent  and  automated,”  says  Gary  Gatten, 
senior  network  engineer  for  LabOne,  a 
medical  testing  firm  in  Lenexa,  Kan.,  that 
uses  Avaya  VPN  products. 

Once  remote-access  VPN  clients  are  up 


and  running,  policies  control  the  use  of 
their  IPSec  tunnels.  The  policies  also  dic¬ 
tate  a  variety  of  parameters  such  as  the 
VPN  concentrators  to  which  they  can 
connect  and  what  level  of  encryption  to 
use.  The  clients  also  must  be  informed  of 
the  removal  or  addition  of  new  devices  to 
the  network. 

To  handle  this  task  efficiently  Check 
Point,  Cisco,  NetScreen  Technologies  and 
others  offer  policy  servers  that  update 
clients  with  new  policies  that  have  been 
added  since  the  last  time  the  client 
machine  logged  on.  These  servers  can 
store  multiple  policies  for  different  groups 
or  individuals.  In  addition  to  keeping  poli¬ 
cies  current,  this  arrangement  means  no 
policy  remains  on  the  client  machine 
when  the  VPN  connection  is  severed.  This 
eliminates  the  security  risk  that  the  infor¬ 
mation  would  pose  if  the  machine  were 
stolen,  Gatten  says. 

See  VPN,  page  16 


Cisco  takes  aim  at  new  competitors 


■  BY  STEPHEN  LAWSON 

SCOTTSDALE,  ARIZ.  —  Cisco  last  week 
signaled  its  readiness  to  take  on  new 
rivals,  such  as  Dell,  that  are  moving  into 
the  network  giant’s  traditional  network 
equipment  markets. 

In  what  seemed  a  shift  from  the  tone  of 
Cisco’s  analyst  conference  last  month, 
Cisco  President  and  CEO  John  Chambers 
told  financial  analysts  last  week  at  the 
Morgan  Stanley  Software,  Services,  Inter¬ 
net  &  Networking  Conference  that  he  sees 
challengers  moving  up. 

“Our  next  generation  of  competition  is 
going  to  come  from  belowf  Chambers  said 
in  answer  to  a  question  at  the  conference 
in  Scottsdale. 

Asked  about  Dell  and  Chinese  vendor 
Huawei  Technologies,  he  acknowledged 
those  companies  were  among  the  threats 
and  that  other  companies,  particularly 
other  Asian  vendors,  also  would  be  part  of 
the  fray 

Last  month,  Chambers  downplayed  the 
idea  of  network  gear  becoming  a  com¬ 
modity  business  in  which  newcomers 
could  succeed  with  lower  prices,  saying  a 
big  vendor  still  has  advantages.The  ability 
to  make  a  wide  range  of  integrated  gear 


across  enterprise  and 
carrier  networks,  and  to 
innovate  in  high-end 
features  such  as  security 
was  more  important 
than  price  to  most  cus-  0 

tomers,  Chambers  and  ° 

CL 

other  executives  said.  5 

Last  week  he  seemed 
to  signal  a  different 
approach. 

“We’re  going  to  move 
downmarket,”  Chambers 
said.“We  will  not  just  play  defense;  we  will 
play  offense  as  well.” 

Among  the  company’s  upcoming 
moves  will  be  a  $150  million  advertising 
campaign. 

Beyond  that,  industry  analysts  doubted 
that  Chambers’ comment  hinted  at  signif¬ 
icant  changes  in  Cisco’s  product  lineup. 
Instead,  they  pointed  to  the  company’s 
moves  to  cut  costs  and  possibly  initiate  a 
new  online  direct  sales  channel,  similar 
to  Dell’s,  intended  for  small  and  midsize 
businesses. 

“Dell  is  very  much  going  after  the  com¬ 
modity  product  space. . .  .That’s  a  threat  to 
Cisco  unless  Cisco  can  counter  Dell  both 
in  terms  of  cost  of  products  shipped  [and] 


fcIWe  will  not  just  play 
defense;  we  will  play  offense 
aswell.H 

John  Chambers 

President  and  CEO,  Cisco 


channels,”  said  David  Passmore,  research 
director  at  Burton  Group. 

For  relatively  simple  equipment  such  as 
Ethernet  switches  for  small  and  midsize 
companies,  a  combination  of  Cisco’s 
advanced  features  and  an  easier  way  to 
buy  its  products  might  help  the  company 
attract  or  keep  smaller  customers,  says 
Tere’  Bracco.an  enterprise  network  analyst 
at  Current  Analysis. 

“1  don’t  expect  them  to  sell  to  con¬ 
sumers,  but  I  do  expect  them  to  have  an 
online  Web  presence  in  addition  to  their 
other  channels,”  Bracco  says. 

Lawson  is  a  correspondent  with  the  IDG 
News  Service  s  San  Francisco  bureau. 
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This  is  the  first  column  of  the  new 
year,  so  that  means  it’s  time  once 
again  to  hand  out  Wired  Windows’ 
annual  Network  MVP  Award.  This  virtual 
award  (there’s  no  plaque,  no  trophy  and 
no  big  check)  is  given  each  year  to  the 
person  or  persons  who  —  in  my  estima¬ 
tion  —  have  done  the  most  to  further  their 
organization’s  network  agenda  during  the 
previous  year.  Just  like  most  sports’  MVP 
awards,  this  one  is  entirely  subjective. 

Previous  winners  have  been  HP’s  Carly 
Fiorina  (2001),  Radiant  Logic’s  Michel 
Prompt  (2000),  Bowstreet’s  Frank  Moss 
and  Jack  Serfass  (1999),  Directory  En¬ 
abled  Networks  cochairs  John  Strassner 


The  envelope,  please 


and  Steven  Judd  (1998),  and  Novell’s  Eric 
Schmidt  (1997). 

For  2002,  my  choice  comes  as  a  bit  of  a 
surprise,  even  to  me.  Early  in  the  year  I 
excoriated  the  activities  of  this  person’s 
group,  only  to  be  won  over  to  its  side  by 
year-end.  But  it  was  the  background 
against  which  this  man  worked  that  truly 
made  the  difference  in  determining  the 
appropriateness  of  this  choice. 

Eric  Dean  served  as  the  first  chairman  of 
the  Liberty  Alliance,  the  entity  Sun  started 
as  a  counterweight  to  Microsoft’s  Passport 
service  but  that  was  soon  taken  over  by 
the  many  Fortune  500  companies  that 
were  members  of  the  group.  Its  mission 
was  to  build  a  way  for  Web  sites  to  work 
together  by  creating  a  federated  network 
identity  solution  for  the  Internet. 

Early  in  the  year,  I  complained  bitterly 
about  the  speed  and  secrecy  surrounding 
the  development  of  Version  1  of  the  Li¬ 
berty  specification.  What  I  didn’t  know  at 
the  time  (but  now  surmise)  was  that  Dean 


was  working  to  a  personal  timetable  that 
required  completing  the  specification 
before  he  could  leave  the  chairmanship 
and  return  to  his  daily  duties  at  the  orga¬ 
nization  that  paid  his  salary.  You  see,  in 
addition  to  chairing  the  Liberty  Alliance, 
Dean  was  (and  still  is)  CIO  of  United 
Airlines, a  company  that  late  last  year  filed 
the  largest  transportation  bankruptcy 
ever.  United  should  be  able  to  pull 
through  and  restructure  to  fit  the  design  of 
a  modern  airline  company  in  large  part 
because  of  the  modernization  work  that 
Dean  and  his  team  are  doing  to  the  IT 
infrastructure. 

It’s  too  soon  to  tell  if  Dean  can  win  the 
MVP  for  his  work  at  United,  but  his  yeo¬ 
man  effort  coupled  with  the  splendid  suc¬ 
cess  of  the  Liberty  Alliance  places  him  in 
the  exalted  ranks  of  those  to  whom  we 
should  pay  homage.  Well  done,  Eric  Dean! 

Kearns,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 
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Silicon  Valley.  He  can  be  reached  at 
wired@vquill.  com. 


Tip  of  the  Week 


While  I  really  dislike  the 
use  of  Adobe  PDF  files 
for  Web  sites,  they  do  prove 
useful  for  electronic  distrib¬ 
ution  of  items  intended  to 
be  printed.  I  even  use  the 
format  myself  for  that  pur¬ 
pose,  but  I  don’t  use  Acro¬ 
bat  to  create  these  docu¬ 
ments.  Instead,  I  use  Fine 
Print  software's  PDF  Factory 
(www.fineprint.com),  which 
gives  me  most  of  the  func¬ 
tionality  at  a  lot  lower  cost. 
Take  a  look  for  yourself! 
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This  type  of  auto-update  feature  is  impor¬ 
tant  because  it  keeps  end  users  out  of  the 
equation  when  it  comes  to  updating  poli¬ 
cies,  says  Zeus  Kerravaia,  an  analyst  with 
The  Yankee  Group.  Users  might  put  off 
retrieving  updates, especially  if  they  tie  into 
the  VPN  over  slow  connections.“No  matter 
how  simple  you  make  a  client,  if  it  inter¬ 
faces  with  an  end  user,  you  are  going  to 
have  problems,”  Kerravaia  says. 

Dents  in  the  armor 

Even  with  current  policies  in  place, 
remote  PCs  can  become  chinks  in  the 
armor  of  a  corporate  network,  so  many  VPN 
vendors  are  bundling  personal  firewalls 
with  their  client  software  to  block  hackers 
from  using  a  remote  machine  as  a  back¬ 
door  to  the  corporate  network,  says  Dave 
Kosiur,  an  analyst  with  Burton  Group.  But 
installing  the  firewall  is  no  guarantee  they 
are  being  used,  so  automatic  scanning  of 
remote  machines  for  properly  configured 
firewalls  is  also  important, he  says.The  same 
is  true  for  virus-scanning  software  that  also 
is  becoming  part  ofVPN  client  bundles. 

The  VPN  client  should  support  the  policy 
servers  verification  that  this  additional 
security  software  is  turned  on  and  that  the 
correct  version  is  running  before  allowing  a 
VPN  session.  This  compliance  check  is 
important  not  only  within  a  business,  but 
also  in  dealings  with  clients  and  partners, 
Aquent’s  Bolick  says. 

In  addition  to  firewalls  and  virus  scan¬ 
ning,  vendors  are  including  security  ele¬ 
ments  such  as  intrusion  detection  and  con¬ 
tent  filtering. “You  want  to  embed  as  many 
of  these  security  features  as  possible  in  the 
client,”  Kerravaia  says.  Having  them  all  inte¬ 
grated  —  something  no  vendor  has  done 
yet  —  would  make  enforcement  of  corpo¬ 
rate  policies  easier,  Gatten  says.  LabOne 
keeps  strict  tabs  on  what  Internet  sites 


employees  visit,  so  content  filtering  in  con¬ 
junction  with  the  VPN  client  would  simp¬ 
lify  monitoring.  “That  would  be  ideal,” 
Gatten  says. 

Another  way  to  secure  remote  machines 
is  via  a  feature  called  split  tunneling.  Split¬ 
tunneling  technology  lets  a  remote  ma¬ 
chine  connect  to  a  VPN  at  the  same  time  it 
connects  to  other  sites  on  the  Internet  with- 


fic  is  forced  through  the  central  site,  it  is 
easier  to  log,  he  says.  But  he  also  can  appre¬ 
ciate  Pingree’s  argument.  “It’s  great  to  have 
the  option  either  waj(  he  says. 

Crossing  firewalls 

In  addition,  Kosiur  says  users  should  look 
for  clients  to  encapsulate  VPN  traffic  inside 
protocols  that  can  cross  firewalls  easily 


Proprietary  VPN  client  features 

IPSec  standards  don’t  address  all  the  problems 
that  arise  with  VPN  software  on  remote  PCs,  so 
vendors  have  developed  proprietary  schemes  to 
deal  with  them. 


Problems 

•  Firewalls  that  alter  source 
addresses  can  block  VPN 
traffic  and  drop  sessions. 

•  As  policies  are  updated, 
they  need  to  be  distributed 
as  quickly  as  possible. 

•  End  users  turn  off 
supplementary  software  that 
protects  remote  machines. 


Solutions 

•  Encapsulating  VPN  traffic 
inside  another  protocol  such  as 
User  Datagram  Protocol  that 
more  easily  cross  firewalls. 


The  SSL  threat 

Remote-access  IPSec 
VPNs  cost  half  what 
dial-up  does,  but  that 
is  still  twice  as  much  as 
SSL  alternatives.  The 
Yankee  Group  says. 


•  Central  policy  servers  that 
send  the  latest  policies  to  the  remote  machines  each 
time  they  log  on. 

•  Automated  checks  that  refuse  to  set  up  VPN  links 
unless  security  software  is  updated  and  turned  on. 


out  compromising  the  secure  tunnel. 

That  way  general  Internet  traffic  does  not 
have  to  be  shuttled  through  the  VPN  then 
onto  the  Internet  via  the  Internet  connec¬ 
tion  at  the  central  site.  This  is  attractive 
because  it  reduces  the  amount  of  traffic 
flowing  through  the  central  site,  but  at  the 
same  time,  it  isolates  the  VPN  traffic  from 
general  Internet  traffic,  Gatten  says. 

“It  lets  you  protect  your  endpoint,”  says 
Lawrence  Pingree,  global  network  security 
architect  for  BeopleSoft. 

Turning  off  split  tunneling  can  simplify 
enforcement  of  corporate  restrictions  on 
Internet  use,  Gatten  says.  If  all  Internet  traf¬ 


“This  is  important  to  roaming  users  who 
might  want  to  create  a  connection  from 
behind  a  hotel  firewall  or  different  compa¬ 
ny’s  firewall,”  Pingree  says. 

If  VPN  traffic  passes  through  a  device  — 
typically  a  firewall  —  that  changes  its 
header  source  address,  the  device  that  is 
supposed  to  receive  it  will  reject  it  because 
of  the  alterations.  To  get  around  this,  ven¬ 
dors  wrap  IPSec  packets  in  some  other  pro¬ 
tocol  that  easily  passes  through  the  device 
that  translated  the  address.  When  it  arrives 
at  the  destination  the  outer  packet  is 
stripped  off  and  the  IPSec  payload  can  be 
decrypted. 


Without  this  capability  firewalls  effectively 
can  block  tunnels  from  being  established. 
Check  Point  uses  User  Datagram  Protocol 
(UDP)  encapsulation  and  can  adopt  it  on 
the  fly  when  it  encounters  a  device  that 
would  disrupt  a  VPN  tunnel,  Kosiur  says. 
Major  VPN  vendors  such  as  Cisco,  Nortel, 
Enterasys  Networks  and  NetScreen  do  this 
in  one  form  or  another  as  well. 

In  addition  to  working  from  behind  fire¬ 
walls,  it  is  desirable  for  clients  to  work 
with  gateways  made  by  other  vendors, 
according  to  Kerravaia.  “If  you 
have  to  deliver  results  to  a  busi¬ 
ness  partner,  it’s  really  handy  to 
make  a  VPN  connection  with 
whatever  they  have  at  the  other 
end,”  Gatten  says. 

And  when  companies  merge, 
such  interoperability  can  remove 
some  of  the  pain  and  expense  of 
merging  networks.“If  you’re  in  that 
world  where  you’re  acquiring  com¬ 
panies  with  installed  infrastruc¬ 
ture,  you’re  not  going  to  want  to 
take  out  a  $50,000  gateway 
because  it  was  made  by  somebody  else," 
Gatten  says. 

Because  most  vendors  follow  the  IPSec 
set  of  standards,  their  VPN  gear  can  be  con¬ 
figured  to  interoperate  at  some  level  with 
other  vendors’  equipment,  Kerravaia  says. 
This  is  good  because  it  lets  businesses  cre¬ 
ate  heterogeneous  networks  that  don’t  rely 
on  a  single  vendor,  he  says. 

While  all  vendors  don’t  have  all  features, 
they  constantly  add  more  to  stay  competi- 
tive.“They’re  all  playing  catch-up  with  each 
other,”  Kosiur  says. 

They  also  face  a  threat  from  outside  the 
IPSec  arena  from  Secure  Sockets  Layer 
(SSL)  remote-access  vendors  that  use 
standard  browsers  as  remote  clients, a  sim¬ 
pler  and  satisfactory  means  of  meeting 
many  remote  access  needs,  Kerravaia 
says.  And,  he  notes,  the  SSL  option  costs 
half  as  much.B 
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Dell  edge  switch  delivers  wire-speed  throughput,  QoS 

PowerConnect  3248  delivers  zero-loss  throughput  plus  manages 
traffic  priorities  under  congestion  scenarios . 2 


Check  Point  excels  in  security  tests  with  rivals 

Check  Point's  VPN-1  Pro  goes  up  against  Cisco  and  NetScreen 
gear  in  firewall/VPN  throughput  tests . 3 

ADTRAN  flexes  T1  access  router  muscle 

Company's  NetVanta  3200  access  router  takes  on  Cisco  device 
in  tests  of  throughput,  firewall  performance . 4 


HP  triumphs  in  competitive  FE/GbE- tests 

Procurve  5308x1  demonstrates  lead  over  Catalyst  switch  in 
performance  and  traffic  prioritization  .. . 5 


Enterasys  prevails  in  branch  office  router  tests 

XSR-1850  and  XSE-1805  both  top  Cisco  VPN  gear  in  throughput 
tests  with  active  ACLs  and  QoS . . 

Extreme  shines  in  VoIP  congestion  tests 

The  vendor's  BlackDiamond  6808  and  Summit48si  switches 
maintained  toll-quality  even  under  congestion  duress . 7 
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Dell  switch  delivers  wire-speed 
throughput,  QoS  to  net's  edge 


Test  Highlights 

O  Delivers  zero-loss,  wire-speed  throughput  across  all  ports  and  frame  sizes 
O  Achieves  an  aggregate  throughput  of  13.6  Gbps  for  all  frame  sizes  tested 

O  Manages  traffic  priorities  dynamically  during  port  congestion  based  on  Layer  3  and  Layer  4  information 


Product  name: 


Dell  Computer  Corp. 

PowerConnect  3248 

Version  Tested: 

Version  2.0.16 

Product  Class: 

Enterprise-class  edge  switch 

Testing  Date: 

May  2002 

Document  Number: 

Test  Summary  202114 

For  the  complete  Test  Summary,  visit: 

http://www.  tollv.  com/T pllvBenchmarks 

Product  info: 

www.  dell,  com/networkina 
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Dell  Computer  Corp.  PowerConnect  3248 

It  used  to  be  that  zero-loss,  wire-speed  performance  was  enough  for  an 
enterprise-class  network  edge  switch.  Not  any  more.  While  tests  confirm 
that  Dell's  PowerConnect  3248  delivers  wire-speed  performance,  tests 
also  demonstrate  that  the  switch  delivers  flexible  Quality  of  Service  to 
ensure  mission-critical  applications  get  the  bandwidth  they  deserve  while 
protecting  precious  network  core  resources. 

The  Tolly  Group  tested  a  PowerConnect  3248  configured  with  48  ports 
of  Fast  Ethernet  and  two  Gigabit  Ethernet  ports  and  subjected  the  switch 
to  zero-loss  bi-directional  throughput  tests  at  64-,  512-  and  1518-byte 
frames.  In  every  instance,  the  PowerConnect  3248  delivered  100%  of 
zero-loss  bi-directional  performance  for  an  aggregate  throughput  of  13.6 
Gbps.  The  total  frames  per  second  for  all  48  Fast  Ethernet  and  the  two 
Gigabit  Ethernet  ports  when  transmitting  100%  load  was  20,238,074  at 
64-byte  frames,  3,195,466  at  512-byte  frames,  and  1,105,307  when 
forwarding  1518-byte  frames. 

Switch  performance  tells  only  half  the  story  though.  The  Tolly  Group  also 
subjected  the  PowerConnect  3248  to  rigorous  QoS  tests  at  Layer  3  and 
Layer  4  to  determine  how  the  switch  allocates  bandwidth  during 
oversubscription  scenarios.  For  Layer  3  traffic,  we  tested  the  switch's 
ability  to  process  Differentiated  Services  Code  Point  (DSCP)  traffic.  We 
examined  traffic  flagged  for  "expedited  forwarding"  as  well  as  "best  effort." 
At  Layer  4,  we  assigned  SNMP  traffic  flows  and  TCP/UDP  sockets  to  the 
highest  QoS  queue  priority  while  HTTP  traffic  was  assigned  to  the  lowest 
QoS  queue.  Traffic  was  also  mapped  to  the  two  QoS  queues  between  the 
highest  QoS  queue  and  the  lowest  QoS  queue. 

QoS  testing  of  the  PowerConnect  3248  verified  that  the  switch  allocates 
bandwidth  appropriately  according  to  defined  QoS  scheduling  parameters 
and  forwards  traffic  based  on  the  prioritization  scheme.  When  the  ingress 
port  was  oversubscribed  by  up  to  180%,  high-priority  traffic  passed 
effectively  but  low-priority  traffic  was  not  completely  starved  off.  In 
extreme  oversubscription  of  the  port  by  220%,  the  PowerConnect  3248's 
Weighted  Round  Robin  scheduling  mechanism  began  to  scale  back  on 
high-priority  traffic  so  it  would  not  totally  starve  out  low-priority  traffic. 


This  type  of  flexible  QoS  is  precisely  what  enterprise  network  managers  need 
to  police  traffic  at  the  edge  of  the  network  and  ensure  critical  applications 
receive  the  bandwidth  they  need  during  periods  of  oversubscription. 
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Check  Point  VPN-1  Pro  excels  in 
enterprise-class  security  tests  with  rivals 


Check  Point  VPN-1  Pro™ 

Check  Point  Software  Technologies,  Ltd.  went  head  to  head  in  competitive 
performance  tests  against  firewallA/PN  products  from  Cisco  Systems  and 
NetScreen,  outclassing  its  rivals  in  every  test. 

Check  Point  tested  its  VPN-1  Pro  enterprise-class  security  platform  against 
a  Cisco  PIX-535  and  a  NetScreen-500.  Tests  show  that  in  Gigabit  Ethernet 
throughput  tests  of  a  single-rule  firewall,  the  VPN-1  Pro  delivered  1.92 
Gbps,  versus  1 .76  Mbps  for  the  PIX-535  and  600  Mbps  for  the  NetScreen- 
500  when  tested  with  1 ,450-byte  packets.  All  devices  tested  were  dual-port 
configurations,  but  Check  Point  also  tested  a  four-port  configuration  of  its 
VPN-1  Pro  and  it  achieved  2.84  Gbps  of  throughput  in  the  single-rule 
firewall  tests,  or  50%  more  traffic  that  the  dual-port  configuration. 

In  tests  of  VPN  throughput  in  a  3DES  encryption  environment,  the  VPN-1 
Pro  delivered  100  Mbps  versus  20  Mbps  each  for  the  rival  Cisco  and 
NetScreen  products  when  handling  64-byte  packets.  Throughput  increased 
to  180  Mbps  for  the  VPN-1  Pro  during  1,450-byte  packet  tests,  while  the 
NetScreen-500  offered  180  Mbps  and  the  Cisco  PIX-535  offered  100 
Mbps.  The  Tolly  Group  even  measured  the  throughput  of  the  VPN-1  Pro 
supporting  the  Advanced  Encryption  Standards  (AES)  algorithm  versus  the 
NetScreen-500.  The  VPN-1  Pro  achieved  100  Mbps  of  AES  throughput, 
versus  just  5  Mbps  for  the  NetScreen-500  when  processing  64-byte  pack¬ 
ets.  The  VPN-1  Pro  throughput  jumped  five-fold  to  500  Mbps  when  han¬ 
dling  1 ,450-byte  packets,  versus  just  20  Mbps  for  the  NetScreen-500. 


Project  Profile 


Product  name/Version: 

•  Check  Point  VPN-1  Pro™  SecurePlatform 
NG  FP2 

•  Cisco  PIX-535  Version  6.1(2) 

•  NetScreen-500  ScreenOS,  version  3.1 

Product  Class: 

Enterprise-class  Internet 
security  system 

Testing  Date: 

July  through  August  2002 

Document  Number: 

Test  Summary  202132 

For  the  complete  Test  Summary,  visit: 

http://www.  tollv.  com/T pllvBenchmarks 

For  more  information: 

http://www.  checkpoint,  com/products/ 

connect/vpn-1  pro.html 


Chariot  Application  (Layer  7)  Traffic 
Throughput  Evaluation1 
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VPN-1/Firewall-1  PIX-535 

Gateway 

Devices  under  test  (DUT) 

■  Firewall  13  VPN-3DES  bVPN-AES 


1  This  test  occurred  with  two  Gigabit  Ethernet  ports  on  each  device  using 
Chariot  endpoints  to  generate  a  bi-directional  real-world  mix  of  traffic.  The 
Chariot  specweb  script  was  run  for  two  minutes  in  duration,  for  three  iterations. 
The  average  of  the  three  was  taken.  DUTs  were  peered  with  a  Check  Point  device. 

2  Cisco  did  not  participate  because  the  PIX-535  does  not  support  AES. 


In  tests  of  "real-world"  traffic  flows,  the  VPN-1  Pro 
forwarded  758  Mbps  of  application  traffic  when 
configured  as  a  firewall,  versus  726  Mbps  for  the 
PIX-535  and  478  Mbps  for  the  NetScreen-500.  In 
real-world  traffic  tests  with  the  devices  configured 
for  VPNs,  the  VPN-1  Pro  supported  106  Mbps 
versus  69  Mbps  for  the  NetScreen-500  and  66  Mbps 
for  the  PIX-535. 

The  Check  Point  VPN-1  Pro  consistently  demonstrated 
higher  performance  than  competitive  products.  On  the 
firewall  side,  it  delivered  15%  greater  throughput  than 
its  nearest  competitor,  while  in  VPN  tests  using  3DES 
with  firewall  functions  enabled,  the  VPN-1  Pro 
achieved  five  times  more  throughput  than  its  nearest 
rival.  Beyond  performance,  the  VPN-1  Pro  achieved 
the  lowest  cost  per  megabit  of  throughput  for  all 
devices  tested  -  $21 .37  for  the  VPN-1  Pro  versus 
$73.21  for  the  NetScreen-500  and  $90.91  for  the 
Cisco  PIX-535. 

Check  Point' 
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ADTRAN's  NetVanta  access  router 
surpasses  Cisco  in  performance  tests 


ADTRAN  NetVanta  3200 

In  the  hotly  contested  T1  access  router  market,  it  used  to  be  that  buyers 
would  encounter  a  trade-off  between  price  and  performance.  Not  any 
more.  Users  have  come  to  expect  line-rate  performance  even  when 
security  facilities  are  enabled,  and  security  services  should  not  introduce 
latency  to  impact  application  throughput. 

With  that  in  mind,  ADTRAN  commissioned  The  Tolly  Group  to  benchmark 
the  performance  of  the  NetVanta  3200  access  router  versus  a  Cisco 
Systems  1720/1 751V,  examining  zero-loss  throughput,  firewall  performance 
and  latency  characteristics. 

Tests  show  that  the  NetVanta  3200  forwarded  99%  of  the  theoretical 
maximum  throughput  compared  to  the  Cisco  1720/1 751V,  which  forwarded 
96%  of  the  theoretical  maximum  when  processing  64-byte  packets.  Both 
devices  forwarded  100%  of  the  theoretical  maximum  throughput  when 
handling  512-  and  1,500-byte  packets. 

In  firewall  performance  tests,  each  device  was  configured  as  a  10-rule 
firewall,  where  the  first  nine  rules  deny  traffic  and  the  final  rule  allows  all 
traffic  in  a  full-duplex,  Fast  Ethernet  environment  with  NAT  enabled  and  30 
dynamic  RIP  routes  populated.  While  both  devices  performed  at  wire 
speed  or  near  wire  speed  for  the  majority  of  throughput  and  firewall  tests,  it 
was  in  the  firewall  tests  of  the  smallest  packet  sizes  that  the  NetVanta 
excelled,  outperforming  the  Cisco  device  by  54%  when  processing  64-byte 
packets.  Throughput  of  small  packets  is  an  important  factor  when  taking 
into  consideration  that  most  network  management  traffic  and 
acknowledgements  are  relatively  small  in  size. 


Project  Profile 


Product/Verion  name: 

•  ADTRAN  NetVanta  3200,  version,  2.1.0 

•  Cisco  Systems,  Inc.  1720/1751, 
version  12.2(8)YJ 

Product  Class: 

T 1  access  router 

Testing  Date: 

October  2002 

Document  Number: 

Test  Summary  202151 

For  the  complete  Test  Summary,  visit: 

http://www.  tollv.  com/T pllvBenchmarks 

Product  info: 

http://www.  dare2comoare.  adtran.  com 


With  regard  to  latency,  tests  also  reveal  that  both  the  NetVanta  3200  and  the 

Cisco  devices  sustain  throughput  with  very  low  latency,  at  levels  acceptable  for  the  most  latency-sensitive  applications,  such 
as  voice.  Latency  results  were  well  below  the  150-millisecond  threshold  recommended  by  the  ITU-T  G.114  as  acceptable 
end-to-end  delay.  With  each  device  configured  as  a  firewall  with  NAT  enabled,  30  dynamic  RIP  routes,  and  running  100  UDP 
sessions,  the  NetVanta  3200  latency  achieved  a  latency  of  0.5  milliseconds,  while  the  Cisco  1720  exhibited  a  latency  of  0.3 

milliseconds  latency. 

Zero-Loss  (<0.001  %)  Bidirectional  Firewall  Throughput 
across  WAN  with  10  Active  Rules 
(Frame  Relay  over  T1)  as  reported  by  SmartWindow 


TO 

O 

0) 

k_ 

o 

0) 

-C 


c 

<1) 

o 

i_ 

0) 

Q. 


3 

a 

JZ 

U) 

3 

O 


E 

3 

E 

’5 

TO 

E 


100 


The  NetVanta  3200  offers  performance  and  functionality 
to  rival  the  Cisco  offering.  Test  results  show  that  the 
NetVanta  3200  offers  consistently  high  throughput,  high 
firewall  throughput,  and  very  low  latency  across  frame 
relay  networks  comparable  to  that  of  the  Cisco  device. 


Adtran  3200 


Cisco 

1720/1 751V 


Adtran  3200 


Cisco 

1720/ 1751V 


2  sessions 


500  sessions* 


From  a  cost  standpoint,  the  NetVanta  3200  lists  at  a 
U.S.  price  of  $995  configured  with  a  T1  interface  and 
firewall,  while  a  Cisco  1720  lists  for  $2,195  and  yet 
requires  an 

additional  $900  firewall  option.  This  puts  the  NetVanta 
3200  at  roughly  less  than  a  third  the  cost  of  the 
Cisco  1720. 


Packet  size  (bytes) 
■  64  ■  512  □  1,500 


ADIRAn 


*  200  Sessions  were  used  for  1,500-byte  frames 
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HP  Procurve  outperforms  Cisco 
in  Layer  2/3,  FE/GbE  tests 


Test  Highlights 

O  Delivers  100%  of  wire-speed  Layer  2  throughput  with  Gigabit  Ethernet  uplinks  compared  to  the 
Catalyst  4006  which  delivered  only  25%  in  the  same  scenario 

O  Exhibits  at  least  20%  lower  latency  for  all  packet  sizes  tested  compared  to  the  Catalyst  4006 

O  Conforms  more  closely  to  defined  mapping  and  management  of  multiple  priority  queues  than  the  Catalyst  4006 

O  Offers  four  times  better  performance  at  one-fourth  of  the  price  of  the  Catalyst  4006  with  Gigabit-over-copper  ports 


Hewlett-Packard  Procurve  Switch  5308x1 

Hewlett-Packard  Co.  pitted  its  Procurve  Switch  5308x1  against  a  Cisco 
Systems,  Inc.  Catalyst  4006  in  a  series  of  Layer  2/Layer3,  Fast 
Ethernet/Gigabit  Ethernet  performance  tests  that  prove  the  HP  device 
offers  superior  performance  and  reduced  latency. 

The  HP  Procurve  Switch  5308x1  is  a  high-density,  high-performance  Layer 
2/3/4  switch  with  eight  slots  that  accommodate  a  variety  of  modules.  For 
these  tests,  The  Tolly  Group  tested  the  switch  with  Gigabit-over-copper 
modules  in  a  variety  of  network  topologies  and  port  configurations. 

Test  results  show  that  the  5308x1  forwarded  zero-loss,  wire-speed  or  near 
wire-speed  throughput  for  all  packet  sizes  tested  at  both  Layer  2  and 
Layer  3  regardless  of  topology,  whereas  the  Catalyst  4006  forwarded  only 
25%  of  line  rate  with  zero-loss  in  GbE  and  mixed  topology  tests. 

Latency  tests  show  that  the  5308x1  had  at  least  20%  lower  latency  than 
the  Catalyst  4006,  regardless  of  packet  size  or  line  speed.  Lower  latency 
numbers  are  better  since  they  signify  less  delay.  In  a  Fast  Ethernet 
topology  when  handling  1,518-byte  packets,  the  5308x1  had  an  average 
latency  of  153  microseconds  at  both  Layer  2  and  Layer  3,  while  the 
Catalyst  4006  had  an  average  latency  of  223  microseconds  at  Layer  2 
and  195  microseconds  at  Layer  3.  In  a  Gigabit  Ethernet  topology  when 
handling  1,518-byte  packets,  the  5308x1  achieved  an  average  latency  of 
22  microseconds  for  Layer  2  and  Layer  3,  while  the  Catalyst  4006 
achieved  an  average  latency  of  30  microseconds  in  the  same  scenarios. 

Engineers  also  conducted  flow  rate  tests  to  determine  whether  each 
device  is  capable  of  properly  implementing  defined  queuing  behavior 
in  handling  prioritized  traffic.  For  both  systems,  the  default  priority  policies 
were  used  in  a  20:1  Fast  Ethernet  configuration  with  the  egress  port 
oversubscribed  by  25%  of  line  rate.  Results  show  the  5308x1  correctly 
forwarded  and  dropped  traffic  according  to  the  defined  policy  parameters 
based  on  QoS  classifications  as  recommended  by  the  IEEE  whereas  the 
Catalyst  4006  did  not. 

The  Tolly  Group  also  examined  each  device's  use  of  classification  policies 
at  both  Layer  2  and  Layer  3.  Incoming  traffic  was  evaluated  for  specific 
characteristics  (its  source  port  and  the  content  of  the  UDP  port  identifier) 
and  then  marked  with  an  appropriate  priority. 


Project  Profile 


Product  name/Version: 

•  Hewlett-Packard  Procurve  Switch  5308x1 
(HP  J4819A) 

—  Procurve  Switch  XL10/100-TX  Module 
(HP  J4820A) 

—  Procurve  Switch  XL  100/1000-T 
Module  (HP  J4821A) 

•  Cisco  Systems,  Inc.  Catalyst  4006  with 
Supervisor  Engine  III  (WS-X4014) 

—  Catalyst  4000  10/100  Auto  Module 
(WS-X4148-RJ) 

-  GE  Switch  Module,  12-1000T  RJ45+2 
1000XGBIC  (WS-X441 2-2GB-T) 

Product  Class: 

Layer  2/Layer  3  Fast  Ethernet/Gigabit 
Ethernet  switch 

Testing  Date: 

August  2002 

Document  Number: 

Test  Summary  202153 

For  the  complete  Test  Summary,  visit: 

http://www.  tollv.  com/T ollvBenchmarks 

For  more  information: 

http://www.  hp.  com/rnd/products/switches/ 

switch5300XLseries/summarv.  htm 
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Enterasys'  branch  office  routers  top  Cisco 
in  head-to-head  routing,  QoS  and  VPN  tests 


XSR-1805  delivers  up  to  7  times  the 
VPN  throughput  of  a  Cisco  2651 XM 

Network  edge  devices,  such  as  branch  routers,  have  emerged  as  pivotal 
devices  in  enterprise  networks  where  they  are  positioned  to  deliver 
wire-speed  Ethernet  and  Fast  Ethernet  access  to  enterprise  backbones. 
These  devices  rely  upon  features  such  as  Quality  of  Service  and  access 
control  lists  to  police  data  and  ensure  proper  bandwidth  utilization. 

Recent  head-to-head  testing  conducted  by  The  Tolly  Group  shows  that 
the  performance  of  some  Cisco  Systems  Inc.  branch  routers  may  well 
buckle  when  services  such  as  QoS  and  ACLs  are  activated,  while  the 
equivalent  Enterasys  Networks  routers  deliver  high  bandwidth  without 
missing  a  beat.  Enterasys  commissioned  the  branch  office  router  tests. 

Full-duplex  routing-Enterasys  is  more  than  3X  faster 

In  one  set  of  performance  benchmarks  between  an  Enterasys  XSR-1850 
Security  Router  versus  a  Cisco  2651  XM  Modular  Access  Router  (both 
modular  devices),  the  XSR-1850  delivered  full-duplex  Fast  Ethernet 
throughput  of  95%  or  greater  on  three  of  five  frame  sizes  tested.  By 
contrast,  the  highest  full-duplex  Fast  Ethernet  throughput  a  Cisco  2651 
could  muster  was  just  31%  of  the  theoretical  maximum  -  which  equates  to 
61  Mbps.  When  handling  1,518-byte  frames,  the  XSR-1850  delivered 
199.6  Mbps,  or  99.8%  of  the  theoretical  maximum  throughput.  The  Cisco 
2651XM  achieved  just  61  Mbps  of  throughput  with  the  same  frame  size. 


Project  Profile 


Product/Version  name: 

•  Enterasys  XSR-1850,  v.  3. 0.0.0 

•  Enterasys  XSR-1805,  v.  3. 0.0.0 

•  Cisco  Systems,  Inc.  2651  XM,  v. 
12.2(8)T5 

•  Cisco  Systems,  Inc.  1751,  v.  12.2(8)T5 

Product  Class: 

Branch  office  router 

Testing  Date: 

November  2002 
Document  Number: 

Test  Summaries  202154,  202155,  202156 
For  the  complete  Test  Summary,  visit: 

http://www.  tollv.  com/T pllvBenchmarks 

Product  info: 

http://www.  enterasys.  com/xpedition/XSR- 1 800/ 


Engineers  also  tested  an  Enterasys  XSR-1805  and  a  Cisco  1751,  conducting  zero-loss  (<0.001  %)  bi-directional  (full-duplex) 

Layer  3  throughput  tests  and  zero-loss  Layer  3  throughput  with  QoS  and  ACLs  enabled. Here  again,  the  XSR-1805  performed 
flawlessly,  delivering  20  Mbps  of  full-duplex  Ethernet  across  all  frame  sizes  tested.  By  contrast,  the  Cisco  1751  stumbled  with 
64-byte  frames,  delivering  16  Mbps,  or  80%  of  the  theoretical  maximum  throughput.  The  Cisco  1751  handled  all  other  frame  sizes 
at  wire  speed. 


Full-Duplex  VPN  Performance 


Packet  size  (bytes) 


■  Enterasys  XSR-1805  □  Cisco  1751  ■  Cisco  2651XM 


Enterasys  delivers  wire-speed  throughput  with  QoS 

With  QoS  enabled,  the  XSR-1805  again  delivered 
wire-speed  throughput  at  all  packet  sizes.  The  Cisco  1751 
only  forwarded  40%  of  wire  speed  when  handling 
64-byte  packets,  47%  when  handling  256-byte  packets 
and  97%  when  handling  512-byte  packets  in  the  same 
scenario.  Like  the  XSR-1805,  the  Cisco  1751  forwarded 
100%  of  line  rate  at  1,024-  and  1,518-byte  packets.  With  a 
variety  of  ACL  rules  enabled,  the  XSR-1805  delivered  from 
51%  to  91%  of  wire-speed  throughput,  while  the  Cisco  1751 
delivered  between  60%  and  75%  of  wire-speed  throughput. 

VPN  Performance-Enterasys  is  7X  faster 

In  head-to-head  VPN  performance  tests  against  a  Cisco 
2651  XM  in  a  Fast  Ethernet  scenario,  the  XSR-1805 
forwarded  four  times  the  throughput  of  the  Cisco  2651  XM 
at  the  smalles  packet  size  of  64  bytes  and  sustained  the 
performance  advantage  even  up  through  the  largest 
packet  size  of  1 ,420  bytes  providing  more  than  seven  times 
the  throughput  of  the 

Cisco  2651XM.  ENTERASYS 


NETWORKS 


6  Tolly  Benchmarks 


www.tolly.com 


Special  Advertising  Section 


January  2003 


Extreme  shines  in  VoIP 
congestion  tests 


Test  Highlights 

O  Maintains  acceptable  toll-quality  voice  even  under  adverse  congestion  conditions 
O  Permits  high-priority  traffic  to  pass  onto  network  core  uninterrupted 
O  Provides  consistently  lower  latency  than  Cisco  AWID  solution 

O  Achieves  consistently  lower  jitter  than  the  Cisco  network  gear  even  under  minimal  congestion 


BlackDiamond  6808  and  Summit48si 

Rigorous  tests  of  voice  over  IP  (VoIP)  call  quality  on  microcosms  of  converged 
IP  networks  from  Extreme  Networks  and  Cisco  Systems  reveal  that  the 
Extreme  infrastructure  delivers  superior  voice  quality  under  severe  network 
congestion  scenarios. 

The  test  results  show  that  Extreme  Networks  BlackDiamond  core  network  switches 
delivered  consistent  voice  quality,  latency  and  jitter  even  as  congestion  levels  rise 
to  100%  oversubscription  of  core  switch  ports,  while  the  voice  quality  of  Cisco 
Catalyst  switches  tested  began  to  suffer  after  just  40%  of  port  oversubscription. 

Moreover,  while  many  vendors  typically  demonstrate  they  can  handle  congestion 
on  uplinks  between  the  network  edge  and  core  switches,  testing  shows  that 
Extreme  Networks  switches  deliver  business-quality  audio  even  during  periods  of 
congestion  in  the  network  backbone  while  call  quality  on  Cisco  switches  degraded. 

The  Tolly  Group  recorded  the  average  call  quality  score  as  measured  by  the 
Perceptual  Speech  Quality  Metric  (PSQM),  which  measures  the  distortion  of  a 
speech  signal  taking  into  account  the  human  perception  and  processing  of  speech. 
PSQM  scores  range  from  0  to  6.5,  with  a  score  of  1.5  or  below  recognized  as 
toll  quality.  Engineers  subjected  both  Extreme  and  Cisco  switches  to 
oversubscription  load  scenarios  ranging  from  30%  of  core  ports  and  inter-switch 
links  to  100%  oversubscription. 

Voice  quality  tests  show  that  the  Extreme  and  Cisco  switches  deliver  comparable 
voice  quality  under  relatively  low  congestion  scenarios  (up  to  30%  of  link 
oversubscription).  However,  when  congestion  increased  beyond  a  40% 
oversubscription  load  the  voice  quality  delivered  by  Cisco  switches  plummeted 
while  Extreme's  switches  maintained  a  consistent  toll-quality  PSQM  score  (0.4) 
across  all  oversubscription  test  scenarios.  Cisco  PSQM  scores,  by  contrast, 
jumped  from  0.4  under  a  30%  oversubscription  load,  to  5.6  under  a  40% 
oversubscription  load  and  then  to  the  PSQM  nadir  of  6.5  -  meaning  as  congestion 
mounted  on  network  switches,  Cisco  voice  quality  degraded  from  toll  quality  to 
poor  quality.  Concurrent  with  the  drop  in  voice  quality,  Cisco  switches  exhibited 
high  levels  of  latency  and  jitter. 

From  a  price/performance  perspective,  the  Extreme  Networks  solution,  including 
64  Gigabit  Ethernet  core  ports  on  a  BlackDiamond  6808  switch  and  two 
Summit48si  edge  switches,  costs  $137,605.  The  Cisco  solution,  utilizing 
Catalyst  6509  with  WSX6516  Gigabit  Ethernet  line  cards  and  two  Catalyst  3550 
switches,  cost  $206,904  -  or  50%  more  than  the  Extreme  solution.  A  second 
Cisco  solution,  utilizing  a  Catalyst  6509  with  WSX6816  line  cards  and  two 
Catalyst  3550  switches,  cost  $226,904  -  or  65%  higher  than  the  Extreme 
solution.  Full  configuration  data  is  available  in  Test  Summary  #  202158. 


Project  Profile 


Product  name/Version: 

•  Extreme  Networks  BlackDiamond 
6808  Ver  6.2.2 

•  Extreme  Networks  Summit48si 
Ver  6.2.2 

•  Cisco  Systems  Catalyst  6509 
Ver  12.1  (13)  E 

•  Cisco  Systems  Catalyst  3550 
Ver  12.1  (11) 

Product  Class: 

Enterprise  VoIP  switches 

Testing  Date: 

November  through  December  2002 

Document  Number: 

Test  Summary  202158 

For  the  complete  Test  Summary, 
visit: 

http://www.  tollv.  com/T ollvBenchmarks 

For  more  information: 

http://www.  extremenetworks.  com 
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Complete  SAN  LAN  performance  tools. 

Finisar  has  been  offering  its  customers  the  tools  necessary  to  increase  efficient 
network  operation  for  over  14  years.  Finisar's  family  of  network  analysis  and 
performance  testing  products  ensure  optimum  performance  through  constant 
monitoring,  measuring  and  analysis;  locating  and  repairing  problems  before 
they  cause  an  impact. 

Listening  to  customer  needs,  we  develop  products  that  are  flexible  and  scalable 
to  grow  and  evolve  with  today's  SAN  and  LAN  environments.  No  other  company 
offers  products  as  easy-to-use  and  easy-to-implement. 

Take  a  test  drive. Remove  the  gridlock  from  your  network.  Test  drive  Finisar 
Performance  Tools  at  www.finisar.com/testdrive 
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Lessons  from  Leading  Users 


Air  Force  streamlines  electronic  paperwork 


■  BY  ANN  BEDNARZ 

WASHINGTON,  D.C.  —  Electronic 
forms  aren’t  the  most  exciting  tech¬ 
nology  inside  the  US.  Air  Force,  espe¬ 
cially  with  F-22  Raptor  fighter  jets  and 
B-2  Spirit  bombers  to  consider.  But 
when  18,000  different  forms  and 
700,000  end  users  are  involved, 
e-forms  become  a  real  priority  —  so 
much  so  that  the  Air  Force  is  spend¬ 
ing  $6.7  million  to  overhaul  its  obso¬ 
lete  forms  system. 

Converting  existing  static  forms  — 
which  include  everything  from  per¬ 
sonnel  and  travel  requests  to  logistics 
and  financial  transactions  —  to 
smarter,  Web-based  versions  will 
make  the  process  of  accessing,  filling 
out  and  sending  forms  much  easier 
for  Air  Force  personnel  worldwide, 
says  Carolyn  Watkins-Taylor,  director 
of  the  Air  Force’s  departmental  pub¬ 
lishing  office. 

In  addition  to  streamlined  forms  cre¬ 
ation,  the  Air  Force  gains  better  man¬ 
agement  capabilities  and  increased 


employee  productivity.  The  publish¬ 
ing  office  hasn’t  conducted  a  formal 
cost-savings  analysis,  but  if  the  new 
system  saves  every  person  in  the  Air 
Force  community  just  30  minutes  per 
year  of  time-consuming  data  entry, 
that’s  a  $9  million  savings  annually, 
Watkins-Taylor  says. 

“And  we  think  we  can  do  even  bet¬ 
ter  than  that,” she  says.“We’re  looking 
at  it  conservatively 

The  electronic  forms  overhaul  is 
part  of  a  broader  content  manage¬ 
ment  effort  to  modernize  Air  Force 
publishing  that  includes  Web¬ 
enabling  technical  manuals  and 
deploying  XML  databases.  For  the 
$6.7  million  forms  component,  the 
Air  Force  is  using  XML-based  infor¬ 
mation  management  software  from 
PureEdge  Solutions. 

PureEdge’s  Internet  Commerce 
System  (ICS)  lets  users  create,  cap¬ 
ture,  process  and  archive  secure 
XML  e-forms  using  the  Internet.  A 
simple  but  crucial  feature  of 
See  Air  Force,  page  18 


Forms  makeover 

The  U.S.  Air  Force  overhauled  its  obsolete  electronic  forms  system 
with  XML-based  technology  from  PureEdge  Solutions.  The  goal  is  to 
make  form-filling  easier  and  more  automated. 


®  Web-based  software  from  PureEdge 
encapsulates  a  form  and  all  related 
data,  including  attachments,  in  one 
document,  making  it  easier  for  users 
to  archive  completed  forms. 


® Secure  routing  and  digital  ®  Tight  integration  between  the  PureEdge 

signature  features  let  users  software  and  Air  Force  back-end 
swap  forms  over  the  Internet  systems,  such  as  IBM  Content  Manager, 
without  stopping  to  print,  sign  will  enable  self-populating  form  fields 

and  mail  multiple  versions.  and  reduce  repetitive  data  entry. 


Microsoft  unwraps  new  Exchange  server 


■  The  Organization  for  the  Ad¬ 
vancement  of  Structured  Informa¬ 
tion  Standards  last  week  formed  a 
technical  committee  to  increase 
awareness  about  the  use  of  public- 
key  infrastructure  for  Web  ser¬ 
vices  and  other  applications.  PKI, 
which  has  shown  much  promise  but 
garnered  little  corporate  adoption 
because  of  its  complexity,  enables 
secure  electronic  transactions  based 
on  digital  certificates.  The  new  tech¬ 
nical  committee  will  operate  within 
the  PKI  Member  Section,  and  focus 
on  delivering  white  papers,  imple¬ 
mentation  guidelines  and  confor¬ 
mance  tests. 


■  BY  JOHN  FONTANA 

REDMOND,  WASH.  —  Microsoft  last 
week  made  available  the  first  public  beta- 
test  version  of  its  newest  Exchange  Server 
that  polishes  the  user  interface,  integrates 
mobile  support,  aligns  with  real-time  col¬ 
laboration  features  being  added  to  the 
Windows  operating  system  and  refines 
administrative  controls. 

Code-named  Titanium  when  the  first  pri¬ 
vate  beta-test  version  was  launched  last 
summer,  the  server  will  be  known  now  as 
Exchange  Server  2003.  The  software  is 
expected  to  ship  in  mid-2003.The  software 
works  in  tandem  with  the  Outlook  client  in 
Office  1 1 ,  which  is  expected  to  ship  in  the 
same  time  frame. 

The  Beta  2  of  Exchange  2003  is  mostly  fin¬ 
ished,  according  to  Microsoft. 

“There  may  be  a  couple  of  things  that  we 
add  in  depending  on  feedback,  but  for  the 


most  part  the  feature  set  is  complete,”  says 
Jim  Bernardo,  product  manager  for  the 
.Net  enterprise  server  group  at  Microsoft. 

Exchange  2003  is  a  fit-and-finish  release 
coming  on  the  heels  of  Exchange  2000  and 
is  an  interim  step  toward  a  version  of 
Exchange  under  development,  which  is 
code-named  Kodiak. 

Kodiak  will  incorporate  a  universal  data 
store  technology  that  will  debut  with  the 
Yukon  release  of  SQL  Server,  Microsoft’s 
database  software  due  to  ship  by  early  next 
year.  The  Yukon  technology  is  key  to 
Microsoft’s  Web  services  strategy  in  that  it 
will  create  one  location  for  storing  data 
across  Microsoft’s  back-end  servers.  But  the 
change  also  means  corporate  customers 
might  have  to  rewrite  Exchange  applica¬ 
tions  to  work  against  the  new  data  store. 

Both  Microsoft  and  chief  rival  IBM/Lotus, 
which  late  last  year  released  Domino  R6, 
are  providing  new  versions  of  their  soft¬ 


ware  targeted  at  consolidation,  cost  savings 
and  administrative  efficiencies  before 
making  leaps  to  major  changes  in  their 
platforms.  IBM  is  replacing  the  Domino 
store  with  its  DB2  database  and  integrating 
the  collaboration  server  with  its  Web¬ 
Sphere  Application  Server. 

Absent  from  this  release  is  support  for 
instant  messaging,  which  is  being 
removed  from  Exchange  and  added  to 
the  base  operating  system  in  Windows 
.Net  Server  2003,  which  is  expected  to 
ship  in  April. 

Microsoft  does  not  plan  another 
Exchange  2003  beta  and  expects  to  have  a 
release  candidate  in  late  spring.  A  release 
candidate  is  software  that  is  deemed  wor¬ 
thy  of  general  release  but  is  exposed  to  a 
final  round  of  testing. 

Beta  2  of  Exchange  Server  2003  can  be 
downloaded  at:  www.microsoft.corn. 
exchange/evaluation/ti/beta.asp.H 


Last  month  I  got  a  call  from  the  folks  at 
VanDyke  Software.  They  wanted  to 
chat  about  what  needs  to  go  away  to 
ensure  enterprise  network  security 
Their  list  was,  as  one  might  expect,  self- 
serving  in  some  places  (they  sell  software 
to  fill  some  of  the  holes  they  think  need  to 
be  created).  But  their  list  got  me  thinking 
about  what  else  would  be  good  to  lose  in 
the  quest  for  a  safer  ’Net. 

Here’s  VanDyke ’s  list  of  things  to  lose: 

1.  Non-NT  versions  of  Windows 
(95/98/ME). 

2.  Password  authentication. 

3.Telnet. 

4.  Cleartext  logon  to  any  root  or  adminis¬ 


trator  account. 

5.  FTP  (except  in  some  cases,  anonymous 
FTP). 

6.  Failure  to  provide  end-user  training  in 
basic  security  policy  and  procedures. 

7.  IT  departments  fighting  against  the  pro¬ 
liferation  of  wireless  network  access 
points. 

8.  Government  studies  on  how  to  secure 
the  Internet. 

The  last  one  might  not  be  quite  politically 
correct,  and  I  don’t  think  they  meant  it  lit¬ 
erally  But,  so  far,  such  studies  have  been 
more  feel-good  exercises  than  meaningful 
guidance. 

The  rest  of  their  suggestions  make  quite  a 
bit  of  sense,  even  though  most  are  fairly 
obvious. 

Security  101  says  to  rid  your  network  of 
anything  that  uses  clear  text  passwords, 
and  that  is  what  suggestions  2  through  5 
are  all  about. 

In  spite  of  this  being  the  first  thing  you 
should  learn  in  network  kindergarten,  far 


too  many  networks  are  still  being  man¬ 
aged  using  good  old  telnet.  Suggestion  2 
goes  a  bit  further  to  suggest  using  some 
additional  logon  techniques  such  as  bio¬ 
metrics  or  token  cards  —  a  very  good 
idea  for  critical  systems. 

Even  though  current-generation  Win¬ 
dows  systems  seem  to  be  charter  members 
of  the  critical-update-of-the-week  club,  the 
older  versions  give  “porous”  a  bad  name  — 
it’s  past  time  to  get  rid  of  them. 

Pretending  that  users  will  understand  the 
importance  and  techniques  of  security 
without  training  is  being  in  denial,  at  best. 

And  it’s  far  better  for  the  IT  department  to 
be  on  the  forefront  of  installing  wireless 
networks  so  that  it  can  be  done  in  a  secure 
way  Wireless  is  just  too  useful  to  assume 
that  an  IT  department  dictate  against  it  will 
stop  progress. 

The  VanDyke  list  is  a  good  start,  but  I’d 
add  a  few  things  to  it. For  example, only  half 
in  jest,  1  would  lose  firewalls.  They  just  get 
people  thinking  that  they  don’t  have  to 
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practice  good  security  hygiene. 

I'd  also  lose  any  network  address  transla¬ 
tor  that  was  installed  for  security  reasons 
—  NATs  provide  no  meaningful  security 
and  make  deployment  of  software  innova¬ 
tions  much  harder. 

If  1  couldn’t  lose  “national  security”  as  a 
network  security  driver  —  it’s  just  too 
important  —  I  would  lose  it  as  an  excuse  to 
shred  what  is  left  of  individual  privacy  in 
the  workplace  and  on  the  Internet. 

Finally,  losing  the  Digital  Millennium 
Copyright  Act  would  be  the  best  thing  that 
we  could  possibly  do  to  improve  the  secu¬ 
rity  of  our  systems  and  networks. 

Disclaimer:  Harvard’s  museums  are  full  of 
things  that  people  lost,  but  the  above  sug¬ 
gestions  for  more  museum  pieces  are  my 
own. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@ 
sobco.  com. 


(JJ  Netwoi’kWoHd 
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Network  Associates  bags 
antispam  firm  Deersoft 


Lessons  from  Leading  Users 


Air  Force 
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■  BY  PAUL  ROBERTS 

Network  Associates  started  the  year  by 
putting  spam  in  the  crosshairs.  The  com¬ 
pany  last  week  announced  the  acquisition 
of  Deersoft,  a  maker  of  antispam  software, 
for  an  undisclosed  sum. 

Deersoft  makes  SpamAssassin  Pro  and 
SpamAssassin  Enterprise.  The  company’s 
software  uses  content  rules  and  heuristic 
scans  to  analyze  incoming  e-mail  and 
identify  spam.  Once  identified,  messages 
can  be  rejected  or  saved  for  review. 

Network  Associates  says  it  intends  to  fold 
the  SpamAssassin  technology  into  its 
McAfee  product  line,  wooing  corporate 
customers  by  providing  antispam  technol¬ 
ogy  at  the  network  gateway,  on  e-mail 
servers  and  on  the  desktop. 

“Deersoft  was  attractive  to  us  for  the  sim¬ 
ple  reason  that  SpamAssassin  has  the  most 
sophisticated  rules-based  approach  on 
market  and  the  lowest  false  positive  rates 
of  the  products  we  tested,”  says  Zoe 
Lowther,  senior  solutions  marketing  man¬ 
ager  at  the  McAfee  Security  division. 

Deersoft’s  technology  provided  Network 
Associates  with  more  sophisticated  rules- 
based  scanning  than  what  was  available 
from  its  competitors  or  in  McAfee’s  existing 
product,  McAfee  SpamKiller,  Lowther  says. 

Working  in  a  similar  fashion  to  antivirus 
detection  technology,  SpamAssassin  ana¬ 
lyzes  the  attributes  of  incoming  e-mail  to 
spot  spam,  rather  than  simply  matching 
the  message  source  against  a  blacklist  of 
known  spammers. 

Tlie  Deersoft  technology  provides  multi¬ 
platform  support,  while  SpamKiller  works 
only  in  the  Microsoft  Windows  environ¬ 


ment,  Network  Associates  says. 

The  first  McAfee-Deersoft  fusion  will  be 
McAfee’s  SpamKiller  Enterprise,  client- 
based  desktop  software  aimed  at  the 
enterprise  that  will  be  built  on  the  founda¬ 
tion  of  Deersoft’s  SpamAssassin  Pro  prod- 
uct.Those  additions  will  be  unveiled  in  the 
second  quarter  this  year. 

Network  Associates  will  release  a  soft¬ 
ware  update  to  the  McAfee  ePolicy 
Orchestrator  policy  manager  in  the  sec- 


Junk  mail 

Spam  is  expected  to  climb 
from  25%  of  corporate 
e-mail  in  2002  to  50%  in  2003. 

SOURCE: ABERDEEN  GROUP 


ond  quarter  that  will  let  ePO  manage 
SpamKiller  Enterprise  across  corpora¬ 
tions,  Lowther  says. 

Finally,  Deersoft’s  technology  will  be 
rolled  into  McAfee’s  WebShield  and 
GroupShield  products,  providing  antispam 
protection  for  Internet  gateways  and 
e-mail  servers  later  this  year. 

SpamAssassin  began  as  open  source 
software  developed  by  Justin  Mason, a  soft¬ 
ware  programmer  in  Ireland  who  was 
looking  for  a  way  to  combat  spam  plagu¬ 
ing  his  e-mail  system,  according  to 
Deersoft ’s  Web  site. 

Roberts  is  a  correspondent  with  the  IDG 
News  Service 's  Boston  bureau. 


PureEdge  ICS  is  that  it  bundles  all  ele¬ 
ments  of  a  transaction  in  one  file  and 
stores  it  in  one  database  —  the  form  tem¬ 
plate  and  the  underlying  data  stay  to¬ 
gether  in  a  nonproprietary  XML  format. 

With  the  old  JetForm  FormFlow  sys¬ 
tem  that  the  Air  Force  used,  the  form 
and  the  data  were  separate  elements, 
and  users  had  to  save  multiple  files  to 
archive  just  one  electronic  form.  People 
kept  losing  their  data,  Watkins-Taylor 
says.  To  get  around  difficult  archiving 
processes,  people  would  often  print  out 
completed  forms  and  later  redo  them 
rather  than  try  to  find  a  saved  version, 
she  says. 

As  a  result,  users  were  frustrated. “It  was 
very  hard  to  walk  through  the  Pentagon 
and  tell  people  that  I  was  responsible  for 
the  electronic  forms  they  were  using,” 
Watkins-Taylor  says. 

The  new  system  is  more  user-friendly, 
she  says.“Feople  don’t  have  to  pull  up  a 
form  template  and  then  look  for  the  data 
to  populate  it,”  Watkins-Taylor  says.  “A 
template  appears  on  the  screen,  they  fill 
it  out,  and  they  save  it  just  like  a  Word 
document.” 

With  ad  hoc  routing  features,  the  Pure¬ 
Edge  system  automatically  will  forward 
a  form  to  other  users  for  their  review  and 
digital  approval.  Support  for  encrypted 
digital  signatures  eventually  will  be 
implemented  to  let  users  approve  and 
exchange  documents  over  the  Internet 
without  having  to  download,  print  and 
sign  each  form  by  hand. 

“The  customer  base  is  really  pushing 
hard  to  get  it  as  soon  as  possible," 


Watkins-Taylor  says  of  the  digital  signa¬ 
ture  features. 

The  digital  signature  technology  is  in 
place,  but  the  publishing  office  is  waiting 
for  the  Air  Force  to  settle  on  a  digital  sig¬ 
nature  standard  and  approve  its  imple¬ 
mentation,  she  says.That  should  happen 
by  spring. 

The  Air  Force  also  is  working  to  more 
tightly  integrate  the  PureEdge  software 
with  its  existing  back-end  systems. 

As  integration  is  made  tighter,  a  user 
will  be  able  to  select  forms  with  prefilled 
data  from  specific  Air  Force  databases 
rather  than  repeatedly  fill  in  common 
information.  For  example,  the  system 
might  prepopulate  certain  fields  with 
data  from  personnel,  medical  or  finan¬ 
cial  systems.  For  this  to  work,  IBM 
Content  Manager  acts  as  middleware 
between  the  PureEdge  software  — 
which  resides  on  servers  in  an 
Oklahoma  City  data  center  —  and  dif¬ 
ferent  legacy  systems,  swapping  and  syn¬ 
chronizing  data  between  the  different 
sources,  Watkins-Taylor  says. 

The  publishing  office  settled  on  Pure¬ 
Edge  after  conducting  a  series  of  pilot 
tests  at  12  Air  Force  bases  last  spring  and 
has  started  converting  its  existing  forms 
to  the  new  system.The  team  put  the  first 
PureEdge  forms  online  in  September, 
and  by  March  up  to  3,000  forms  will  be 
available  online,  Watkins-Taylor  says. 

Rather  than  simply  converting  all  the 
forms  it  currently  supports  —  18,000 
today,  down  from  20,000  not  long  ago  — 
the  publishing  office  is  working  with 
individual  Air  Force  departments  to  re¬ 
engineer  their  data-collection  processes 
and  reduce  the  total  number  of  forms 
required. 

“1  could  see  a  reduction  of  another 
25%  or  30%"  of  total  supported  forms, 
Watkins-Taylor  says.  ■ 
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Every  customer  is  an  investment.  But  are  you  investing  wisely? 
mySAP™  CRM,  the  only  open  and  integrated  CRM  solution,  makes  valuable 
customer  data  available  to  your  entire  organization.  In  real  time.  So  the  back 
office  knows  what  the  front  office  knows,  which  makes  it  easier  to  give 
customers  what  they  need.  A  lot  more  efficiently.  And  for  a  lot  less  money. 
Visit  sap.com  or  call  800  880  1727  to  find  out  more  about  mySAP  CRM. 
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Independent  benchmarks  prove  Solaris™  9  is  15  times  faster  when  running  VERITAS 
software.  And  it’s  7  times  more  available.  See  for  yourself  at  veritas.com/S0laris9 
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What  is  driving  growth  and  what  will  strengthen  AT&T  Business? 

In  terms  of  growth,  we  are  taking  share.  We  expect  growth  in  local,  global,  man¬ 
aged  services  and  IP  We  are  the  largest  [competitive  local  exchange  carrier] . 
Local  services  represent  a  huge  growth  opportunity,  as  does  managed  services 
and  IP  We  are  clearly  the  IP  traffic  leader,  and  we  will  extend  that  leadership  role 

See  Bernard,  page  22 


AT&Ts  Bernard  talks 
about  her  new  role 


Betsy  Bernard  heads  AT&T  Business,  which  despite 
3,500  layoffs  announced  last  week  remains  the  com¬ 
pany's  most  important  division  with  4  million  cus¬ 
tomers  and  $20.4  billion  in  revenue  for  the  first  three 
quarters  of  2002.  Bernard  took  the  helm  in  September 
after  leading  AT&T  Consumer.  As  president  Bernard  also  heads  up  inter¬ 
national  ventures,  network  operations  and  AT&T  Labs.  About  55,000 
employees  fall  under  her  leadership.  She  recently  spoke  with  Network 
World  Senior  Editor  Denise  Pappalardo  about  her  new  role  and  AT&T's 
future. 


How  does  heading  up  AT&T's  business  division  differ  from  managing  the  consumer  side 
of  the  house? 

It’s  significantly  larger  and  far  more  complex.  In  this  role  I  have  not  only 
product  management,  sales  and  service  delivery,  which  was  the  responsibility 
I  had  at  [AT&T  Consumer] ,  1  also  have  all  of  the  network  organization  and  all 
of  [AT&T  Labs]  and  all  of  the  product  groups.The  scope  is  much  larger,  and 
within  the  market  itself,  the  complexity  of  the  service  lines  and  customer  set  is 
different. 

What  are  your  goals  for  AT&T  Business? 

Our  priorities  are  to  first  and  foremost  to  take  advantage  of  the  unique  market 
we  find  ourselves  in.  With  our  competitors  focusing  on  testifying  and  dealing 
with  creditors, we  are  focused  very  much  on  ...  gaining  market  share  and  taking 
business  away  from  them. 


AT&T  Wireless  taps  the  brakes  on  3G  rollout 

Experts  say  lack  of  customer  demand  is  primary  reason  for  go-slow  approach. 


■  BY  DENISE  PAPPALARDO 

AT&T  Wireless  is  reeling  in  its  original 
3G  deployment  plans  in  a  move  that  will 
result  in  slower  technology  upgrades 
and  a  more  watchful  eye  from  one  of  its 


■  Content  delivery  provider  Mirror 
Image  recently  unveiled  an  enhanced 
suite  of  video-streaming  services  tar¬ 
geted  at  companies  looking  to  incor¬ 
porate  video  into  their  online  corpo¬ 
rate  communications  or  distance¬ 
learning  initiatives.  Called  insta- 
Content  Stream,  the  service 
includes  support  for  multiple  plat¬ 
forms,  including  RealNetworks, 
Windows  Media  and  QuickTime.  The 
service  also  includes  a  user  interface 
that  lets  users  upload  content  to 
Mirror  Image  and  get  reports  on  such 
items  as  system  usage,  bandwidth 


key  investors. 

The  wireless  carrier  recently  revealed 
that  it  only  will  have  full  3G  support  in 
four  markets  —  San  Francisco,  San 
Diego,  Seattle  and  Dallas  —  by  the  end 
of  2004. The  company’s  original  plan  was 


consumption  and  storage  consump¬ 
tion.  InstaContent  stream  will  be  avail¬ 
able  by  the  end  of  this  month.  Pricing 
has  not  been  released. 

www.mirror-image.com 

■  AT&T  announced  last  week  that  it  is 
expanding  its  DSL  service  reseller 
agreement  with  Covad  Commun¬ 
ications.  The  news  might  come  as  a 
surprise  to  those  who  believed  that 
AT &T's  $135  million  acquisition  of 
NorthPoint  in  March  2001  would  be 
used  to  offer  customers  DSL  services. 
AT&T  says  it's  more  cost-effective  at 
this  time  to  write  off  a  portion  of  its 
NorthPoint  acquisition  and  extend  its 
relationship  with  Covad.  Previously, 
Covad  only  offered  AT&T  business  cus¬ 
tomers  DSL  services.  The  new  agree- 


to  have  full  3G  support  in  13  markets  by 
June  2004. 

While  AT&T  Wireless  is  slowing  its  3G 
support,  the  time  frame  is  not  expected  to 
make  a  big  difference  to  customers,  says 
Rodger  Entner,  analyst  at  The  Yankee 


ment  now  includes  consumers.  AT&T 
says  it  will  continue  to  support  its  exist¬ 
ing  DSL  customers  in  New  York,  Texas 
and  California,  but  that  it  is  not  aggres¬ 
sively  selling  its  own  in-house  DSL  ser¬ 
vices  at  this  time. 

■  Recent  surveys  of  long-distance 
customers  show  Verizon  has  cap¬ 
tured  the  No.  3  spot  in  the  consumer 
market,  overtaking  Sprint.  AT &T  is  the 
No.  1  provider,  ahead  of  WorldCom. 
Verizon  now  has  more  than  10  mil¬ 
lion  long-distance  customers.  The 
majority  of  those  customers  come 
from  states  where  Verizon  is  the 
incumbent  local  exchange  carrier  and 
regulators  have  authorized  it  to  offer 
long-distance  services. 
www.verizon.com 


Group.  Many  users  are  just  getting  into 
wireless  mobile  data  services  and  these 
same  users  are  not  clamoring  for  higher 
speeds,  he  says. 

“A  lot  of  carriers  are  now  hesitant 
because  the  true  business  case  for  3G 
hasn’t  been  made  yet,”  Entner  says. 

Under  the  new  plan,  AT&T  Wireless 
might  switch  to  several  alternative  mar¬ 
kets  if  the  carrier  has  deployment  issues  in 
Dallas  or  San  Diego. 

Full  3G  support  for  AT&T  Wireless  means 
upgrading  its  network  to  Wideband  Code 
Division  Multiple  Access  (WCDMA)  tech¬ 
nology  also  called  Universal  Mobile  Tele¬ 
communications  System. 

The  International  Telecommunications 
Union  says  that  3G  wireless  networks  sup¬ 
port  mobile  data  rates  of  up  to  128K 
bit/sec,  stationary  data  rates  of  384 K 
bit/sec  and  fixed  data  rates  of  2M  bit/sec. 

AT&T  Wireless  altered  its  plans  primarily 
for  two  reasons:  lack  of  market  demand 
for  full  3G  and  the  move  toward  more 
conservative  network  investments. 

“We  looked  at  the  current  industry  envi¬ 
ronment  and  decided  it  was  smarter  for  us 
to  slow  down  deployment,”  says  Rod  Nel¬ 
son,  CTO  at  AT&T  Wireless.  “What  we  ex¬ 
pected  for  market  take-up  for  faster  data 
has  turned  out  to  be  somewhat  unrealistic. 

See  Rollout,  page  22 
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Yes,  the  past  two  years  have  been 
pretty  awful.  No,  we’re  not  going  to 
return  to  the  halcyon  days  of  1999 
anytime  soon. 

So  what  does  2003  look  like?  Here’s 
a  short  list  of  predictions.  We’ll  check 
back  in  12  months  to  see  how  they’ve 
stood  up. 

1.  The  Bells  win  on  unbundled  network 
element  pricing  (UNE-P).  In  other  words, 
the  Federal  Communications  Commission 
rolls  back  the  wholesale  rates  mandated 
for  leasing  facilities,  letting  the  Bells 
charge  their  own  rates  (and  continue  to 
shut  out  competition).  I’ve  explained  at 
length  in  other  columns  why  this  is  a  bad 


idea, but  it  looks  as  though  FCC  Chairman 
Michael  Powell  doesn’t  agree. 

Corollary  impact:  Stock  prices  of  tele¬ 
phone  company  equipment  vendors  (the 
Nortels  and  Lucents)  will  spike  at  the 
news  in  the  short  term,  as  Wall  Street 
rejoices  at  this“free  market”  victory  Longer 
term,  these  companies  will  continue  with 
tepid  growth,  because  even  with  UNE-P 
“relief,”  nobody’s  planning  massive  capital 
expenditures  this  year. 

2.  There  will  be  at  least  one  more  high- 
profile  bankruptcy  or  merger  in  the  tele¬ 
com  market.  Nope,  the  carnage  isn’t  over. 
Wait  and  see. 

3.  Spending  will  rebound  slightly,  but  the 
devil  is  in  the  details.  Neither  local  ex¬ 
change  carriers  (LEC)  nor  interexchange 
carriers  will  invest  heavily  in  traditional 
telecom  gear.  Instead,  what  dollars  get 
spent  will  be  on  packetized  voice  or  im¬ 
proved  operational  systems  software  (an¬ 
other  reason  why  UNE-P  relief  doesn’t  help 
Nortel  and  Lucent  as  much  as  expected). 


This  trend  favors  Cisco  and  other  packet 
technology  providers. 

4.  Voice  over  IP  continues  to  make  slow 
and  steady  gains  in  corporations.  We’re 
seeing  folks  begin  to  reap  savings  because 
of  lower  moves-add-changes  costs,  which 
can  average  $350  per  change.  Some  IP 
telephony  products  can  reduce  this  cost 
to  virtually  zero,  which  adds  up  to  sub¬ 
stantial  savings  for  companies  whose 
employees  switch  offices  regularly  In  one 
scenario,  a  midsize  organization  showed  a 
positive  return  on  investment  in  less  than 
three  months. 

5.  Wireless  continues  to  boom,  but 
nobody  figures  out  how  to  make  money 
on  it. 

6.  Both  the  Bells  and  the  cable  compa¬ 
nies  continue  to  miss  the  boat  on  the 
emerging  home  networking  market. 

What  am  I  talking  about?  Flash  poll:  How 
many  of  you  have  home  LANs?  How 
many  are  hooked  to  ancillary  devices 
(my  current  favorite  is  Turtle  Beach’s  Au- 


diotron,  which  hooks  up  to  your  LAN, 
plays  MP3s  from  your  PC’s  hard  drive, and 
best  of  all  is  configurable  online  through 
a  Web  interface).  If  you’re  like  me,  you 
probably  hooked  the  whole  thing  up 
yourself  —  but  not  everybody  will  have 
the  time  and  inclination. 

Now  why  couldn’t  your  trusty  LEC  or 
cable  company  offer  a  package  including 
a  cable  or  DSL  modem,  a  wireless  hub,  an 
“entertainment  server”  such  as  an  Au- 
diotron  or  TiVo  —  then  charge  for  on-site 
assembly  and  a  monthly  maintenance  fee? 

Here’s  a  real-world  example  of  putting 
the  Baby  Bells’  resources  —  massive  help 
desks,  a  fleet  of  trucks  and  techies  with 
screwdrivers  —  to  work  offering  new  and 
innovative  services.  Verizon,  BellSouth, 
Time  Warner:  Are  you  listening? 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  a  technology 
research  firm.  She  can  be  reached  at 
johna@nemertes.  com. 


Bernard 

continued  from  page  21 
on  an  ongoing  basis. 

How  did  you  come  to  this  point  in  your  career  at  AT&T? 

I’ve  been  in  the  telecommunications  industry  for  25  years 
starting  as  a  college  intern  at  AT&T.  Of  that  25  years,  20  have 
been  with  AT&T.  Of  that  25  years,  23  has  been  in  the  business 
markets  organization.  So  the  way  I  left  AT&T  after  18  was  that 
[David  Dorman], who  was  at  that  time  president  of  Pacific 
Bell,  convinced  me  to  come  work  for  him.  Five  years  later  he 
convinced  me,  more  easily  the  second  time  than  the  first 
time,  to  come  back  to  AT&T. 

How  would  you  describe  your  management  style? 

Pretty  simple.  Success  is  all  about  how  effectively  you  com¬ 
municate  with  your  employees.  First  of  all  being  clear  what 
the  vision  of  the  business  is  [with  employees]. That  is  the 
responsibility  of  the  leader,  and  that  can’t  be  delegated.  How 
we’re  going  to  go  about  getting  to  that  vision  and  how  we’re 
not  going  to  get  there,  and  then  describing  what  their  role  is 
in  that  journey. 

You're  a  female  executive  in  a  male-dominated  industry.  What's  that 
like,  and  how  has  it  changed  in  the  last  25  years? 

When  you  say  male-dominated,  1  think  our  industry  is  one  of 
the  leaders  in  diversity  at  all  levels.There’s  nothing  like  losing 
"  a  big  federal  case  to  fuel  diversity,  which  happened  to  the  Bell 
system  [around]  1975. There  was  a  consent  decree  with  the 
federal  government  after  it  alleged  the  Bell  system  was  not 
being  supportive  enough  of  women. The  Bell  system  put  in  a 
very  disciplined  process  to  ensure  all  people  had  opportuni¬ 
ties  regardless  of  sex  or  race. 

Our  statistics  in  terms  of  women  in  leadership  positions  are 
best  in  class.  When  you  look  at  CEOs  and  presidents  in  our 
industry,  such  as  Pat  Russo  [CEO  at  Lucent] ,  Betsy  Bernard, 

.  Carlv  Fiorina  [chairman  and  CEO  at  HP], Patricia  Higgins 
[CEO  at  collocation  service  provider  Switch  &  Data]  or  Sue 
Swenson  [CEO  at  Leap  Wireless]  they  all  have  one  thing  in 
commomThey  all  came  up  through  AT&T.l  never  thought  that 
1  was  in  a  minority  or  unique.  1  was  building  a  career.  ■ 


Plotting  a  prudent  3G  rollout 

AT&T  Wireless  tweaks  plans  to  support  3G  throughout 
network. 


Technology 

Mobile  speeds 

Where 

When 

GSM/GPRS 

30  to  40K  bit/sec 

National  network 

Now 

EDGE 

80  to  130K  bit/sec 

National  network 

Mid-2003 

UTMS  or 
WCDMA 

144  to  384K  bit/sec 

Four  markets 

December 

2004 
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Expectations  around  a  lot  of 
things  in  technology  were  unre¬ 
alistic _ The  market  is  develop¬ 

ing  nicely,  but  not  as  fast  as  we 
projected.” 

AT&T  Wireless  also  is  “waiting  to 
see  how  2.5G,  [General  Packet 
Radio  Service  (GPRS)]  continues 
to  do  in  the  market  in  2003,”  says 
Scott  Ellison,  an  analyst  at  IDC. 

AT&T  Wireless  can  meet  its 
customer’s  needs  with  GPRS  and 
Enhanced  Data  Rates  for  Global 
Evolution  (EDGE),  which  is  com¬ 
ing  next  year,  Nelson  says.  “We 
don’t  need  to  imprudently  rush 
to  next-generation  technology?’ 
he  says. 

The  new  plan  is  based  on  a  re¬ 
vised  agreement  between  AT&T 
Wireless  and  investor  NTT  DoCo¬ 
Mo,  which  owns  16%  of  the  carri¬ 
er.  The  agreement  stipulates  that 
if  AT&T  Wireless  does  not  meet 
its  3G  upgrade  plans,  NTT  Do¬ 
CoMo  could  turn  in  its  invest¬ 
ment,  in  the  form  of  stock,  for  a 
$10  billion  payout. The  new  deal 
includes  a  second  board  seat  for 
an  NTT  executive  and  the  cre¬ 
ation  of  a  committee  staffed  by 
NTT  and  AT&T  Wireless  employ¬ 
ees  to  oversee  the  carrier’s  3G 
upgrades. 

The  current  AT&T  Wireless  net¬ 
work,  typically  called  2.5G,  is 
based  on  GSM/GPRS,  which  sup¬ 
ports  data  transmissions  of  30K 
to  40K  bit/sec  (see  graphic). 

“There  is  an  expectation  that 
2.5G  networks  will  have  longer 
life  spans  in  the  market  than 
perhaps  initially  expected,”  El¬ 
lison  says. 


But  before  the  carrier  will  up¬ 
grade  to  WCDMA,  it  says  it  will 
first  deploy  EDGE  technology  in 
its  network,  which  is  expected  to 
support  data  rates  of  80K  to  130K 
bit/sec. 

“EDGE  will  put  AT&T  Wireless 
on  the  same  playing  field  as 
Verizon  Wireless  and  Sprint  PCS,” 
Entner  says.  Verizon  Wireless  and 
Sprint  PCS  have  deployed  lxRTT 
and  are  supporting  EDGE-like 
speeds  now. 

Sprint  PCS  has  upgraded  its 
national  network  to  lxRTT,  which 
supports  data  rates  of  50K  to  70K 
bit/sec  to  mobile  users. 

Verizon  Wireless  has  lxRTT 
support  in  900  cities  with  nation¬ 
wide  coverage  expected  by  mid¬ 
year.  Customers  typically  see 
mobile  data  rates  that  range  from 
40K  to  60K  bit/sec  on  this  carri¬ 
er’s  network. 

While  both  are  ahead  of  AT&T 
Wireless  in  terms  of  faster  data 
support,  neither  will  support  full 
3G,  with  its  2M  bit/sec  fixed  data 
rates,  long  before  AT&T  Wireless. 

Sprint  PCS  says  it  plans  to 
migrate  to  3GlxEV-DV“by  2004  to 
2005.”This  technology  would  sup¬ 
port  3M  to  5M  bit/sec  wireless 
transmissions. 

Verizon  Wireless  is  in  the  middle 


of  a  lxEVDO,  data  only,  technolo¬ 
gy  trial  in  Baltimore,  but  the  carri¬ 
er  has  not  committed  publicly  to 
a  networkwide  upgrade. 

According  to  The  Yankee 
Group’s  Entner,  it’s  probably  better 
that  Verizon  not  commit  to 
lxEVDO  because  chip  manufac¬ 
turers  such  as  Qualcomm  have 
not  revealed  when  they  will  sup¬ 
port  the  specification. 

IDC’s  Ellison  says  that  weak 
demand  for  very-high-speed  wire¬ 
less  services  argues  against  the 
large  capital  investment  that  a 
lxEVDO  upgrade  would  entail. 

According  to  AT&T  Wireless’  3G 
road  map,  it  might  have  full  3G 
support  before  Sprint  PCS  and 
Verizon.  ■ 


More  online! 

Although  AT&T  says  3G  demand  is  low,  the 
FCC  plans  to  auction  off  more  spectrum 
to  aid  in  the  rollout  of  3G  services. 
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■CS:  Since  their  emergence,  CLECs  have  seen  limited  success. 


CLECs  still  struggling  to  make  a  difference 


■  BY  MICHAEL  MARTIN 

Six  years  after  passage  of  the  Telecommunications 
Act  of  1996  set  the  groundwork  for  their  emer¬ 
gence,  competitive  local  exchange  carriers  have 
failed  to  make  the  significant  impact  on  telecom  pricing 
for  business  customers  that  advocates  had  predicted. 

But  CLECs  have  managed  to  intro¬ 
duce  new  services,  such  as  integrated 
voice/data  access.  And  in  some  large 
markets  —  such  as  New  York  City, 
where  CLECs  AT&T  and  WorldCom 
operate  their  own  local  facilities  — 
they  are  competing  with  the  regional 
Bell  operating  companies. 

Competition  has  helped  lower  pricing 
in  the  long-distance  market,  but  the 
effect  has  been  much  less  noticeable  on 
the  local  services  side.  Pricing  has  come 
down  since  1996,  but  not  any  more  dra¬ 
matically  than  it  declined  before  pas¬ 
sage  of  the  telecom  act. 

“The  CLECs  only  won  very  limited 
market  share,” says  Michael  Lauricella, 
an  analyst  with  The  Yankee  Group.“So 
the  incumbents  were  never  forced  to 
really  drive  down  prices.” 

The  CLECs’  impact  has  been  blunted  by  the  fact  that 
droves  of  them  were  forced  out  of  business  when  the 
capital  markets  became  less  forgiving  in  2000.  About  50 
CLECs  have  filed  for  bankruptcy  or  left  the  market,  leav¬ 
ing  80  to  100  in  place,  according  to  the  Association  for 
Local  Telecommunications  (ALTS),  a  CLEC  group. 

Impact  has  been  felt  in  places 

The  overall  effect  of  CLECs  on  pricing  might  be  negli¬ 
gible,  but  in  markets  where  they  have  a  significant  pres¬ 
ence,  CLECs  have  made  a  difference. Those  markets  tend 
to  be  major  metropolitan  areas  where  there’s  a  large 
enough  concentration  of  customers  to  make  it  prof¬ 
itable  for  CLECs  to  build  out  their  networks, says  Hank 
Levine,  a  partner  in  Levine,  Blaszak,  Block  and  Boothby, 
a  firm  that  specializes  in  telecom  contract  negotiations. 

In  some  cases  the  RBOCs  will  lower  their  local  prices 
to  maintain  market  share 
in  these  major  metropoli¬ 
tan  areas,  Levine  says. 

“A  few  years  ago  you 
would  do  a  deal  with  the 
RBOCs  and  they’d  offer  you 
a  4%  discount  if  you’d  sign 
for  three  years,”  he  says. 

“Those  discount  numbers 
have  doubled  and  tripled.” 

Still,  Levine  notes,  no 
large  corporation  that  he’s 
aware  of  has  pieced  together  a  national  telecom  services 
contract  that  relies  primarily  on  a  CLEC. 

“Overall,  because  the  penetration  is  so  spotty  and 
many  of  them  have  gotten  into  trouble,  their  impact  has 
been  limited,”  he  says. 

In  areas  where  the  CLECs  operate,  they  generally 
promise  savings  of  between  15%  and  20%,  says  Lynda 
Starr,  an  analyst  with  Probe  Research.They  also  try  to  win 


customers  with  promises  of  superior  service. 

“With  a  CLEC  there  will  actually  be  personal  contact 
with  the  customer^  Lauricella  says, “whereas  you  pretty 
much  have  to  be  a  company  with  at  least  2,500  employ¬ 
ees  for  the  RBOC  to  consider  you  worthy  of  a  dedicated 
sales  rep.” 

One  company  that  has  made  a  CLEC  an  important  part 


of  its  national  telecom  strategy  is  Marcus  Evans,  a  corpo¬ 
rate-event,  training  and  market-analysis  firm  in  Chicago. 

Until  recently,  Marcus  Evans  relied  on  WorldCom  to  fill 
its  voice  and  data  needs,  says  Nicholas  Convey  vice 
president  of  IT.  But  over  the  past  year  the  company 
changed  to  a  diverse  carrier  strategy 

“It  encourages  more  competitiveness  from  our  suppli¬ 
ers,”  Convey  says.“lt  reduces  the  cost  of  our  service  and 
increases  our  redundancy 

Marcus  Evans  began  by  trialing  Allegiance’s  services  in 
two  of  its  offices.  Once  that  proved  successful,  the  rela¬ 
tionship  expanded. 

For  eight  of  its  14  U.S.  offices,  Marcus  Evans  now  uses  a 
variety  of  voice  and  data  services  supplied  by  CLEC  Alle¬ 
giance  Telecom. 

“We  looked  at  the  cost,  network  redundancy  and  billing 
systems,”  Convey  says.“Something  we  also  did  that  was 

new  for  us  was  look  at  the 
financials.  I  talked  to  Alle¬ 
giance’s  [CFO]  before  sign¬ 
ing  a  contract.That  would¬ 
n’t  have  happened  with  a 
larger  provider’ 

One  market  niche  where 
CLECs  such  as  Allegiance 
Telecom,  US  LEC  and 
Choice  One  Communica¬ 
tions  have  had  consider¬ 
able  success  is  in  selling 
integrated  voice  and  data  services  to  small  and  midsize 
businesses. 

Typically  an  integrated  access  service  uses  customer 
premises  equipment  to  carry  voice  and  data  traffic  over  a 
single  T-l  line, saving  customers  money  on  their  overall 
telecom  bills. The  reason  for  the  CLECs  success  here  is 
simple  —  they  created  the  market. 

“Subscribing  to  this  service  will  lower  a  customer’s 


price,  but  not  absolutely  Yankees  Lauricella  says.  “You  pay 
the  same  price  for  a  T-l ,  but  it  reduces  your  voice  charges 
because  it’s  packaged  more  economically 

The  CLECs  have  been  successful  enough  in  pushing 
integrated  access  that  the  RBOCs  have  begun  to  follow 
suit.  All  but  Qwest  have  started  offering  integrated  access 
services  in  at  least  some  markets. 

The  problem  some  CLECs  ran  into, 
though,  was  saturation  of  the  market.The 
result  was  that  many  went  out  of  business. 

Probe’s  Starr  says  that  200  CLECs  each 
predicted  they’d  capture  20%  of  the 
market. 

“That’s  a  4,000%  market,  so  that  tends 
not  to  work,”  she  says. 

Now  that  many  of  the  weaker  CLECs 
have  been  weeded  out,  the  survivors 
should  have  a  better  chance,  she  says. 

Despite  the  carnage  of  2001  and  2002, 
many  CLECs  continue  to  operate. 

Royce  Holland,  chairman  and  CEO  of 
Allegiance  Telecom,  says  the  key  to  Alle¬ 
giance’s  survival  has  been  that  the  compa¬ 
ny  had  time  to  scale  its  business. 

“A  lot  of  our  competitors  didn’t  have 
adequate  funding,”  he  says.“So  when  the 
capital  markets  shut  down,  they  didn’t 
have  the  opportunity  to  grow  their  business  to  fit  their 
capital  structure.” 

Other  CLECs,  such  as  Winstar  and  Teligent,  bet  on  cut¬ 
ting-edge  technologies  such  as  broadband  wireless  that 
didn’t  work  out. 

Offerings  get  more  practical 

“Our  goal  is  to  offer  what  customers  want  now  —  not 
what  they  might  want  down  the  road,”  Holland  says. 
“Anyone  that’s  gone  with  that  Field  of  Dreams  approach 
—  ‘Build  it  and  they  will  come’ —  has  had  their  dreams 
turn  into  nightmares  in  this  capital  market." 

Aaron  Cowell,  president  and  CEO  of  US  LEC, says  his 
company  has  managed  to  survive  the  CLEC  shakeout 
because  it  followed  a  strategy  of  controlled  growth  — 
adding  customers  only  in  markets  where  the  company 
could  reach  profitability  quickly. 

The  Bells  have  responded  to  CLEC  competition  with 
some  buyback  programs,  Holland  says,  offering  cus¬ 
tomers  better  deals  to  return  to  the  RBOC  fold.  But  the 
buyback  offers  aren’t  that  common,  he  adds. 

“They  respond  to  competition,"  he  says.“But  they’d  be 
stupid  when  they  have  a  91%  market  share  to  go  and  cut 
prices  across  the  board.There  needs  to  be  more  penetra¬ 
tion  by  CLECs  in  order  for  prices  to  fall.” 

Ultimately  the  fate  of  the  surviving  CLECs  could  be 
determined  by  regulators  as  much  as  by  the  CLECs’  busi¬ 
ness  practices. 

The  Federal  Communications  Commission  is  sched¬ 
uled  to  hold  its  triennial  review  of  unbundled  network 
elements  —  the  pieces  of  the  RBOC  networks  that 
CLECs  are  able  to  purchase  at  wholesale  rates  —  early 
this  year.  If  the  FCC  cancels  too  many  of  the  unbundled 
elements  available  to  the  CLECs,  it  could  seriously  hurt 
the  industry  says  John  Windhausen,  president  of  ALTS. 

“The  big  question  really  is  whether  the  FCC  is  going  to 
let  us  survive,”  he  says.  ■ 


Diminishing  returns 


The  market  capitalization  of 
CLECs  has  been  in  free-fall... 

(in  billions) 


1999  2000  2001 


SOURCE:  COMPETITIVE  TELECOMMUNICATIONS 


. . .  but  some  CLECs  still  attracted 
new  investments  last  year. 

(in  millions) 


Broadview  ||  $40 
TelePacific  |  $40 


The  overall  effect  of  CLECs  on 
pricing  might  be  negligible,  but  in 
markets  where  the  CLECs  have  a 
significant  presence  they  have 
made  a  difference. 
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Better  Performance.  Better  Price. 
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The  smartest  way  to  run  your  network  Is  also  the  smartest  way  to  run  your  business. 
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Dell  Managed  Switches 


PowerConnect™  3024*  Switch 

PowerConnect™  3048*  Switch 

Scalable.  High-Performance  Managed  Switch 

•  24  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Up  to  12.8  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  -  Supports  up  to  144  FE  Ports  in  a  Stack 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement" 

Rack-Dense,  High-Performance  Managed  Switch 

•  48  Fast  Ethernet  Ports  Plus  4  Built-In  Gigabit  Uplinks 

•  Up  to  21.6  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  -  Supports  up  to  144  FE  Ports  in  a  Stack 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement" 

$599 

as  low  as  $17/mo„  (46  pmts.*) 

60  Days  Same-As-Cash 

E-VALUE  Code:  14404-  S10105 

as  low  as  $29/mo.,  (46  pmts.*) 

0 60  Days  Same-As-Cash 

J  J  J  E-VALUE  Code:  14404-  S10109a 

Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement,"  add  $77 

Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement,"  add  $199 

PowerConnect™  3248*  Switch 

PowerConnect™  5224*  Switch 

High-Performance,  Enterprise  Class  Managed  Switch 

•  48  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Multi-Layer  Traffic  Classification  at  Layers  2, 3.  and  4 

•  Advanced  Management  via  Browser  or 

Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement" 

High-Performance  All-Gigabit  Managed  Switch 

•  24  Copper  Gigabit  Ports  Plus  4  SFP  Fiber  Uplinks 

•  Layer-3  Aware  Class  of  Service  Prioritization 

•  Advanced  Management  via  Browser  or 
Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement" 

*999 

as  low  as  $29/mo.,  (46  pmts.*| 

60  Days  Same-As-Cash 

1  E-VALUE  Code:  14404  S10109b 

as  low  as  $63/mo„  (46  pmts.*) 

O /1hI|  60  Days  Same-As-Cash 

£m  1  E-VALUE  Code:  14404-  S10121 

Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement"  add  $199 

Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement,"  add  $299 

It's  a  Dell,  so  you  know  you're  going  to  save  money.  But  let's  talk  performance.  From  standard 

Fast  Ethernet  to  high-speed  Gigabit  Ethernet  over  copper  or  fiber,  Dell  PowerConnect  switches  are 
designed  to  offer  full  wire-speed  and  non-blocking  performance.  Recent  Tolly  lab  tests  confirmed 
that  the  Dell  PowerConnect  3248  outperformed  industry  leaders  by  as  much  as  47%.  Plus,  the 
PowerConnect  5224  has  been  lauded  by  Tom's  Hardware  Guide  ior  its  performance  and  manageability 
features  for  the  price.  PowerConnect  switches  also  are  highly  interoperable  and  scalable,  making 
them  ideal  for  building  a  first-time  network  or  expanding  your  existing  one.  So  not  only  will  you  get 
one-of-a-kind  Dell  performance  for  less  but,  perhaps  more  importantly,  there'll  be  fewer  headaches  too. 

Dell  PowerConnect  3248  Outperforms 
the  Cisco  Catalyst  2950  and  3COM 
SuperStack  3  Switch  4400  by  up  to 
47%  in  Layer  2  Throughput  Tests.' 

Tolly  Group  Report  #202149 
-  September  2002 


Growing  your  network.  Easy  as 

Click  www.dell.com/switch  Call  1-877-301-3355 

toll  free 
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Pricing  specil  icanons.  availability,  and  terns  of  oftei  may  change  without  notice  Taxes  and  shipping  chaiges  extra,  and  vary,  and  not  subject  to  discounts.  U  S.  new  purchases  only  Dell  cannot  be  responsible  for  errors  in  typography  or  photography. 

"Tins  device  has  not  been  approved  by  the  Federal  Communicabons  Commission  for  use  in  a  residential  environment  This  device  is  not.  and  may  not  be.  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  fCC  has  been  obtained 

"Mo1 "  v  p>n  neni  s  bused  on  48-month  Quickloan  at  12  99%  interest  rate  for  qualified  Small  Business  customers  Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  Minimum  transaction  site  of  $500  required  Maximum 
aflongaf  financed  mou*  not  to  aicaed  $25.000.  Under  60  Days  Same  As-Cash  Quickloan.  interest  accrues  during  first  60  days  after  QuickLoan  Commencement  Date  (which  is  five  days  after  product  ships)  if  balance  not  paid  within  these  60  days  OFFER  VARIES  BY 
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Pipal  purchase  pumps  Riverstone’s  plan 


■  BY  JIM  DUFFY 

SANTA  CLARA  —  Riverstone  Networks’ 
recent  acquisition  of  start-up  Pipal  Systems 
underscores  the  company’s  strategy  to  use 
Multi-protocol  Label  Switching  as  the 
underpinning  of  the  metropolitan  Ethernet 
aggregation  capability  of  its  routers. 

Still  in  the  development  phase  when  ac¬ 
quired  by  Riverstone,  Pipal  was  working  on 
Ethernet,  MPLS  and  other  technologies  for 
broadband  aggregation,  including  Layer  2 
Tunneling  Protocol  (L2TP)  and  subscriber 
management. 

Engineers  from  Nortel  and  Redback  Net¬ 
works  founded  Pipal  in  2001. The  company 
employs  42  people.  The  acquisition  was 
completed  Jan.  3. 

Riverstone  is  remaining  tight-lipped 
about  its  plans  for  Pipal’s  technology  The 
company  will  unveil  more  details  this 
spring,  says  Steve  Garrison,  director  of  cor¬ 
porate  marketing. 

“They  are  developing  next-generation 
technologies  that  help  us  offer  service  cre¬ 
ation  capabilities.  It  fits  into  our  known 
focus  of  carriers  and  broader  revenue 


■  Equipe  Communications  last 
week  said  its  Equipe  3200  multiservice 
core  switch  has  achieved  Network 
Equipment  Building  Standards 
Level  3  certification.  NEBS  Level  3 
is  a  prerequisite  for  deployment  with 
most  carriers  and  service  providers. 
NEBS  certification,  which  Bellcore 
(now  Telcordia  Technologies)  originally 
developed,  is  a  set  of  tests  that  evalu¬ 
ate  performance  and  quality  of  net¬ 
work  equipment,  and  environmental 
and  safety  levels. 

■  The  MPLS  Forum  has  named 
Andrew  Malis,  chief  technologist  for 
Vivace  Networks,  as  chairman  and 
president.  Malis  replaces  David 
Drury,  former  vice  president  of  tech¬ 
nology  strategy  at  Marconi.  The  MPLS 
Forum  is  an  international  nonprofit 
promoting  deployment  of  multi  vendor 
Multi-protocol  Label  Switching  net¬ 
works,  applications  and  services. 


bases” such  as  large  companies  with  carrier- 
class  network  requirements,  Garrison  says. 

Riverstone  last  year  announced  plans  to 
target  the  enterprise  market  as  a  way  to  lift 
sagging  revenue  from  carriers  and  service 
providers  that  have  cut  back  dramatically 
on  spending  and  network  buildouts.  For  its 
fiscal  2003  third  quarter  ended  Nov.  30, 
Riverstone  posted  a  net  loss  of  $27.8  mil¬ 
lion  on  revenue  of  $13.8  million.This  com¬ 
pares  with  a  net  loss  of  $58  million  on  rev¬ 
enue  of  $10.7  million  for  the  previous  quar¬ 
ter  and  a  profit  of  $2.2  million  on  revenue 
of  $60.1  million  for  the  third  quarter  of  fis¬ 
cal  2002. 

Analysts  pegged  the  value  of  the  Pipal 
deal  between  $35  million  and  $40  million. 

Pipal’s  founders  and  top  managers  have 
authored  several  Internet  Engineering  Task 
Force  requests  for  comment  on  L2TP  and 
subscriber  management  techniques,  Gar¬ 
rison  says.  These  assets  were  particularly 
appealing  to  Riverstone,  he  says. 

“There  are  a  lot  of  bright  guys  there;  a  lot 
of  intelligence  in  that  team,”  Garrison  says. 

Like  MPLS’s  Draft  Martini  proposal,  L2TP 
can  be  used  to  merge  Layer  2  services  — 


■  BY  JIM  DUFFY 

MURRAY  HILL,N.J.  —  Lucent  is  lining  up 
partnerships  to  fill  in  the  gaps  in  its 
IP/Multi-protocol  Label  Switching  portfolio 
after  the  recent  cancelation  of  its  multiser¬ 
vice  core  packet  switch. 

Industry  sources  say  Lucent  is  talking 
with  Juniper  about  offering  Juniper’s  rout¬ 
ers  for  wireline  IP/MPLS  requirements. The 
structure  of  the  potential  arrangement  is 
unclear,  but  Lucent  would  become  another 
large  systems  player,  along  with  Ericsson, 
Nortel  and  Siemens,  marketing  Juniper 
routers  to  joint  customers. 

Lucent  then  would  provide  the  ATM  over¬ 
lay  component  of  Juniper’s  recently  an¬ 
nounced  Model  for  Integrated  Network 
Transformation  revenue-generation  archi¬ 
tecture,  industry  sources  say  (see  www. 
nwfusion.com,  DocFinder.  3822).  Lucent  is 
a  leading  supplier  of  carriers’ ATM  switches. 

On  the  wireless  side,  Lucent  is  consider¬ 
ing  lining  up  Cisco  to  provide  IP/MPLS 
requirements  in  that  arena.  Lucent  is  dual 
sourcing  its  IP/MPLS  capabilities  because  it 
sees  Cisco  as  a  wireline  competitor, sources 


■ 

\ 

PROFILE: 

PIPAL  SYSTEMS 

Location:  Santa  Clara 

Founded:  2001 

Management:  Company  was 
founded  by  veterans  of  Nortel 
Networks  and  Redback  Networks 

Employees:  42 

Products:  Ethernet,  MPLS  and 

L2TP  technologies  for  creation  of 
VPN  and  other  services. 

Customers:  Carriers,  metropolitan 
service  providers,  large  corporations. 

Fast  fact:  Pipal  is  a  fig  tree  native  to 
India  that  Buddhists  regard  as  sacred. 

> 

such  as  frame  relay  ATM  and  Ethernet  — 
into  IP  networks.  L2TP  is  a  non-MPLS  way  to 
integrate  legacy  Layer  2  with  IP  VPN  ser¬ 
vices  and  infrastructures.  Cisco  already 
offers  L2TP  on  its  routers  for  this  purpose. 

Subscriber  management  provides  a  way 


say  while  Juniper  has  a  joint-development 
relationship  with  Lucent  competitor  Erics¬ 
son  for  Gateway  General  Packet  Radio 
Service  Support  Nodes  (GGSN)  in  mobile 
wireless  IP  networks. 

The  structure  of  a  possible  partnership 
with  Cisco  is  unclear,  but  it  is  likely  to 
involve  joint  marketing  of  Cisco  GGSNs 
with  Lucent  Code  Division  Multiple  Access, 
Universal  Mobile  Telecommunications 
System  and  other  3G  wireless  access;  base 
station  and  switching  products,  and  possi¬ 
bly  joint  development.  With  both  vendors, 
Lucent  could  add  its  professional  services 
capabilities  to  the  partnerships,  potentially 
generating  more  revenue  for  all  parties  — 
services  revenue  for  Lucent  and  additional 
product  sales  for  Juniper  and  Cisco. 

But  some  analysts  say  the  parties  would 
keep  the  alliances  “loose”  —  merely  addi¬ 
tional  sales  channels. 

“It’s  just  one  more  relationship  for  the 
compand  says  Nikos  Theodosopoulos  of 
UBS  Warburg.“I  don’t  think  [it  will  involve] 
a  lot  of  collaboration.” 

Lucent,  Cisco  and  Juniper  would  not 
comment  on  these  developments,  charac- 


to  personalize  IP  services  by  identifying  the 
subscriber  and  setting  up  customized  ser¬ 
vice  levels,  qualities  and  content  access. 
Subscriber-management  capabilities  are 
particularly  applicable  to  wireless  network¬ 
ing,  where  vendors  and  operators  are  look¬ 
ing  to  offer  mobile  users  personalized 
access  to  Internet  and  IP  content  through 
their  handsets. 

Despite  the  mystery  of  how  Pipal’s  tech¬ 
nology  will  be  used,  analysts  say  the  acqui¬ 
sition  is  consistent  with  Riverstone’s 
Ethernet/MPLS  aggregation  business  case, 
although  challenges  remain. 

“The  Pipal  Systems  acquisition  represents 
no  major  change  in  strategy  for  Riverstone 
—  rather  it  has  decided  to  lock  in  Pipal’s 
MPLS  technology  now  when  an  acquisition 
can  be  done  reasonably  cost-effectively 
Current  Analysis  analyst  David  Dunphy  said 
in  a  recent  report.  “Though  Riverstone 
gained  early  implementation  of  a  metro 
MPLS  solution,  consensus  on  the  role  of 
MPLS  has  yet  to  be  established  in  the  metro. 
Riverstone  needs  to  prove  it  can  successful¬ 
ly  expand  into  its  new  market  segments 
without  losing  focus.”  ■ 


terizing  them  as  rumors.  Industry  sources 
say  the  Juniper  deal  could  be  announced 
this  quarter. 

Lucent  stated  its  intention  to  pursue  part¬ 
nerships  to  fill  in  IP/MPLS  and  other  multi¬ 
service  gaps  in  its  product  portfolio  after 
the  discontinuation  of  the  TMX  880 
IP/MPLS  core  multiservice  switch  in 
October  (see  DocFinder:  3823).  Lucent 
pared  back  on  development  and  market¬ 
ing  of  products  that  do  not  provide  an 
immediate  potential  revenue  stream  (see 
DocFinder:  3824).  ■ 


More  online! 


Get  the  details  on  why  Lucent  canceled 
its  MPLS  switch  and  what  it  means  for  the  company. 

DocFinder.  3825 


Lucent  seeks  IP  partnerships 


Managing  desktop  security  can  be  challenging. 

That’s  why  there’s  Windows  XP  and  Office  XP. 

. .  . . . . 


Recognize  any  of  those  issues?  Or,  perhaps,  all  of  them? 
We  thought  so.  Many  of  these  issues  can  be  related  to  your 
legacy  desktop  software;  fortunately,  many  of  them  can  be 
addressed  by  features  in  Microsoft*  Windows*  XP  Professional 


offers  Macro  Virus  Protection,  which  lets  you  easily  configure 
applications  to  help  prevent  users  from  running  the  macro 
attachments  that  most  viruses  use.  Want  more  reasons  to 
upgrade?  Visit  microsoft.com/desktop 


and  Microsoft  Office  XP  Professional.  Want  specific  examples? 
The  Group  Policy  feature  in  Windows  XP  Professional  lets 
you  define  related  user  groups  and  then  easily  assign  security 
settings  to  the  group  as  a  whole.  Office  XP  Professional 
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Produced  by: 


IDC 


To  Participate,  go  to: 
www.nwfusion.com/itinsiglit/ss2 
and  register  to  get: 

,  Network  World  White  Papers 


Sponsor  White  Papers 


Custom  Security  Email  Newsletter 


IDC  and  Analyst  Information 


White 

Paper... 

Your  insights  on  enterprise  security 
count  Influence  the  strategic 
direction  of  the  vendors  you  purchase  from 
by  telling  them  exactly  what  you  need  to 
make  your  company  secure. 


Take  IDC's  Perception  Survey  on 

Security  Services 

and  get  the  information  you  need  to  make 
the  right  recommendations  and  purchasing 
decisions. 

The  knowledge  you  share  could  earn  you 
$500:  every  qualified,  completed  survey  will 
be  entered  in  two  chances  to  win  $500. 

(1  in  125  chance  to  win) 


Sponsored  by: 


ZyXEL 

Your  Key  to  Network  Security 


UNISYS 

Imagine  it.  Done. 


Cisco  Systems 


Please  corr  p.ie-e  the  entire  survey  and  contact  information  to  be  entered  to  the  drawing  to  win  $500.  One  entry  per  person.  Drawing  is  open  to  legal  U.S.  residents.  Void  where  prohibited  by  law.  Sponsor  is  not  responsible 
for  telephone  m  •  n  failure,  or  for  incomplete,  garbled  or  delayed  transmission.  Two  winners  will  be  awarded  $500.  Odds  of  winning  are  1  in  125.  The  winner  will  be  notified  by  email,  and  will  be  required  to  sign  a  return 
notarized  •  . .  .  •  of  Ehgibiiity  Liability  and  Publicity  Release  within  10  days  of  notification  attempt.  Noncompliance  may  result  in  disqualification  and  award  of  prize  to  an  alternate  winner.  All  taxes  on  prize  are  winner's 

responsibility. 

Employees  of  IDG.  IDC.  their  affiliates  and  agents,  and  their  immediate  families  are  not  eligible. 


SHAPING  YOUR  NETWORK 


Intrusion-detection  apps  boost  security 


Network 
traffic 
■  Mirrored 
traffic 


console. 


Management 

console 


Sensor  located  Inside  the  LAN  checks 
internal  traffic  against  signatures  and 
other  data  stored  by  intrusion  manager. 


■  BY  THROOP  WILDER 

In  their  earliest  versions,  intrusion-detec¬ 
tion  systems  focused  extensively  on 
postevent  audit-trail  analysis.  Today  IDS 
applications  monitor,  detect  and  respond 
to  unauthorized  activities  within  networks 
in  real  time.  IDS  applications  have  emerged 
to  strengthen  security  on  the  perimeter 
and  maximize  the  capabilities  of  already 
deployed  network  firewalls. 

Most  intrusion  attacks  are  in  one  of  three 
major  categories  —  reconnaissance  (ping 
sweeps,  port  scans  and  indexing  public 
Web  servers  to  find  Common  Gateway 
Interface  holes), exploits  (using  hidden  fea¬ 
tures  or  bugs  to  gain  network  access)  or 
denial-of-service  attacks,  through  which  an 
intruder  tries  to  crash  a  system  or  overload 
a  network. 

IDSs  attempt  to  stop  these  attacks  by 
scanning  network  traffic  for  signatures 
(any  pattern  or  sequence  of  patterns 
that  constitutes  a  known  security  viola¬ 
tion);  for  policy  anomalies,  such  as  vari¬ 
ations  in  traffic  or  network  protocol  that 
can  signal  impending  illegal  activity; 
and  for  signs  of  unwarranted  activity  that 
could  point  to  attacks  from  inside  or  out¬ 
side  the  network. 

Every  user  or  device  has  a  pattern  of  us¬ 
age,  one  that  is  potentially  unique.  Any 
anomalies  that  cannot  be  resolved  are  con¬ 
sidered  potential  attacks  and  are  investi¬ 
gated.  Once  an  attack  signature  is  detected, 
several  actions  can  be  taken  to  stop  or  trace 
the  attacker,  as  well  as  record  the  event  and 
notify  an  administrator. 

Network  IDSs  have  three  primary  compo¬ 
nents:  sensors,  managers  and  consoles. 
Sensors  are  applications  that  are  deployed 


throughout  networks  to  monitor  for  suspi¬ 
cious  behavior.  Managers  store  signature 
data  and  alert  data  from  the  sensors  and 
activity  logs.  Consoles  are  graphical  user 
interfaces  for  managing  individual  sensors 
throughout  networks. 

Typicallysensors  are  deployed  inside  and 
outside  firewalls. A  sensor  outside  a  firewall 
can  watch  for  unsuccessful  reconnais¬ 
sance  missions  from  unauthorized  users, 
and  if  a  hacker  gets  past  the  firewall,  pro¬ 
vide  a  complete  audit  trail  of  how  the  intru¬ 
sion  occurred,  to  prevent  future  unautho¬ 
rized  entries.  Behind  the  firewall,  sensors 
collect  data  that  is  fed  from  switched  net¬ 
work  segments. 

As  traffic  flows  through  an  IDS  sensor, 


the  sensor  analyzes  TCP  packets  to  deter¬ 
mine  if  the  destination  address  (or  other 
criteria)  falls  within  the  range  for  which  it 
is  responsible;  if  not,  it  ignores  the  packet 
and  the  corresponding  sensor  eventually 
picks  it  up.  If  it  does  fall  within  the  range 
of  responsibility  the  sensor  compares  the 
packet  against  the  manager’s  database  of 
attack  signatures.  Many  IDS  applications 
now  allow  for  stateful  signature  inspec¬ 
tion,  wherein  a  sensor  can  detect,  identify 
and  prevent  more  sophisticated  attacks 
that  take  place  over  a  series  of  packets, 
which  individually  seem  innocuous.  IDS 
managers  also  can  store  and  dynamically 
develop  baseline  metrics  for  a  network’s 
typical  operating  profile  throughout  the 


day,  week,  month  and  year. Traffic  patterns 
that  don’t  adhere  to  the  baselines  repre¬ 
sent  potential  intrusions. 

When  a  sensor  sees  a  subset  of  a  packet, 
an  entire  packet  or  set  of  packets  whose  bit 
sequence  matches  an  attack  signature,  it 
triggers  an  alarm  and  potentially  might 
block  a  specific  offending  traffic  stream. 
Typically  these  response  modes  include 
notifying  an  administrator  via  e-mail  or 
pager;  capturing  packets  for  the  remainder 
of  a  session  for  analysis;  generating  a  log 
file  for  terminating  an  attacker’s  session 
through  a  TCP/IP  reset  command;  recon¬ 
figuring  or  hardening  a  firewall;  and  exe¬ 
cuting  a  batch  file.  A  sensor  will  send  the 
event  to  a  higher-level  manager,  which  can 
terminate  the  connection  and  record  the 
session  for  forensic  analysis. 

Like  all  new  technologies,  IDS  has  grow¬ 
ing  pains.  Perhaps  the  most  widely  per¬ 
ceived  issue  is  “false  positive”  overload.  Be¬ 
cause  intrusion  detection  is  somewhat  im¬ 
precise,  legitimate  traffic  can  have  charac¬ 
teristics  that  resemble  intrusions  or  net¬ 
work  attacks. 

Typically  at  that  point,  alerts  are  generat¬ 
ed  and  security  administrators  notified.  But 
an  overabundance  of  intrusion  alerts  can 
numb  administrators  to  real  attackers. 
Fortunately  IDS  vendors  and  a  new  class  of 
management  software  called  security 
information  management  are  providing 
methods  of  reducing  false  positives  or 
through  better  tuning  or  the  correlation  of 
multiple  security  device  logs. 

Wilder  is  a  co-founder  and  vice  president 
of  marketing  for  Crossbeam  Systems.  He 
can  be  reached  at  throop@crossbeamsys 
tems.com. 


Dr.  Internet 


By  Steve  Blass 


How  can  I  use  Address  Resolution  Protocol  (or 
something  else)  to  detect  if  the  IP  address  I  was 
assigned  is  unique  without  causing  all  other 
hosts  to  update  their  cache  and  lose  communi¬ 
cation  with  the  original  owner? 

If  you  have  access  to  a  second  computer  on  the 
network,  use  that  to  ping  the  IP  address  in  ques¬ 
tion  to  see  if  it  is  currently  active  on  the  network 
before  booting  your  system  with  that  address. 


Typing  ‘arp  -a'  from  the  command  line  should  dis¬ 
play  the  local  Address  Resolution  Protocol  cache 
and  reveal  the  media-access-control  address  of 
the  active  IP  address  if  it  is  on  the  same  network 
segment  (even  if  that  system  doesn't  respond  to 
pings).  If  you  try  to  detect  this  after  starting  up 
your  system  on  the  network  with  the  questionable 
IP  address,  you  should  see  “duplicate  IP  address" 
errors  on  your  screen.  As  an  end  user  on  the  net¬ 
work,  your  options  are  limited,  unless  you  have 


network  sniffer  software  available  that  lists  and 
reviews  active  IP  addresses.  If  IP  communications 
are  slow,  appeal  to  your  local  network  administra¬ 
tor.  If  you  are  the  local  network  administrator,  turn 
off  the  questionable  system,  wait  a  bit,  and  ping 
the  IP  address  of  interest  from  another  machine  to 
see  if  you  get  an  answer. 

Blass  is  a  network  architect.  He  can  be  reached 
at  dr.internet@changeatwork.com. 
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Wrapping  up  our  ASP  example 


Last  week  we  introduced  the  l!S  Ob¬ 
ject  Model  and,  specifically,  the  Re¬ 
quest  object,  which  gives  you  access 
to  the  HTTP  header  and  body,  and  the 
Form  collection,  which  provides  access  to 
all  the  POST’ed  items. 

We  also  outlined  a  wonderfully  eccen¬ 
tric  and  fabulously  pointless  Web  page 
that  uses  Active  Server  Scripting  to  cre¬ 
ate  an  array  of  radio  buttons  with  indi¬ 
vidual  scripts  related  to  each  button 
(you  can  find  the  article  at  www.nwfu 
sion.com,  DocFinder:  3829, and  the  code 
can  be  downloaded  from  DocFinder: 
3830). 

To  continue  with  our  survey  of  the  code: 
Lines  7  and  8  are  HTML  with  in-line  sec¬ 
tions  of  Active  Server  Page  (ASP)  script 
that  are  replaced  by  the  value  of  the  vari¬ 
ables  referenced  as  the  count  of  columns 
and  rows  (the  variables  ‘intC”  and  “intR”) 
are  each  looped  through. 

7  clNPUT  TYPE  =  radio  VALUE  =  But- 
ton<%=intC%x%=intR%> 


8  OnClick  =“Button<%=intC%> 
<%=intR%>_Click()”> 

This  generates  the  following  client-side 
HTML  output,  which  is  sent  to  the  browser: 
clNPUT  TYPE  =  radio  VALUE  =  Button  1 1 
OnClick  =  “Button  1  l_Click0”> 
clNPUT  TYPE  =  radio  VALUE  =  Button  1 1 
OnClick  =“Button21_Click()”> 
clNPUT  TYPE  =  radio  VALUE  =  Button  1 1 
OnClick  =“Button31_Click0”> 

.  .  .  and  so  on.  This  code  defines  an 
OnClick  event  that  calls  a  unique  function 
for  each  button.  Lines  12  through  24 
create  the  client-side  scripted  function  for 
each  button. 

12  cSCRIPT  LANGUAGE  =“VBScript”> 

13  c% 

14  For  intR  =  1  to  MaxRows 

15  For  intC  =  1  to  MaxCols 

16  %> 

17  Sub  Buttonc%=intC%>c%=intR%> 
_Click() 

18  MsgBox“That  is  column  c%=intC%>, 
row  <%=intR%>.” 

19  End  Sub 

20  <% 

21  Next 

22  Next 

23  %> 

24  c/SCRIPT> 

The  loops  starting  in  Line  14  for  the  rows 
and  Line  15  for  the  columns  create  the 


code  (we’ve  assumed  five  columns  and 
seven  rows  were  requested)  below.  Note 
that  the  output  from  these  loops  will  be 
between  the  cSCRIPT  ...>  tag  (Line  12) 
and  the  c/SCRIPT>  tag  (Line  24)  in  the 
generated  content. 

Sub  Button  1  l_Click() 

MsgBoxThat  is  column  l,row  1.” 

End  Sub 

Sub  Button21_Click() 

MsgBoxThat  is  column  2, row  1.” 

End  Sub 

—  Etc.,  etc.  etc.  — 

Sub  Button56_Click() 

MsgBoxThat  is  column  5, row  6.” 

End  Sub 

Sub  Button57_ClickO 

MsgBox  “That  is  column  5,  row  7.” 

End  Sub 

So  when  you  load  the  output  page  gen¬ 
erated  by  the  ASP  page  and  click  on  a 
radio  button,  a  message  will  be  displayed 
announcing  which  button  was  clicked.  Of 
course  you  could  create  any  code  you 
like  for  the  body  of  each  function. 

This  is  a  trivial  example  of  ASP  pro¬ 
gramming,  but  it  illustrates  some  impor¬ 
tant  features. 

First,  it  shows  you  how  ASP  is 
woven  into  a  document  and 
how  the  results  of  the  script 
replace  and  modify  the  regular 


HTML  content. 

Second,  it  illustrates  that  server-side 
ASP  scripting  can  create  client-side 
scripting.  This  can  be  incredibly  useful 
where  catalogs  or  directories  are  being 
displayed. 

Moreover,  in  our  example  we  created 
client-side  VBScript  but  we  could  have 
created  code  in  any  client-side  supported 
language  or  for  any  plug-in  or  browser 
service. 

Finally,  it  shows  how  ASP  can  be  used 
to  generate  complex,  variable  content.  In 
this  case  we  created  client-side  scripting 
but  we  could  have  created  tables,  lists, 
frames,  etc. 

This  requires  a  different  way  of  think¬ 
ing  about  Web  content  because  until  the 
output  leaves  the  server  the  scripting 
can  treat  the  HTML  content  as  nonlin- 
early,  as  needed,  to  create  the  required 
output. 

Next  week,  we'll  wrap  up  our  discussion 
of  ASP  Send  your  objects  to  gearhead 
@gibbs.  com. 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Take  a  Web  cam,  add  Ethernet  capabilities  and 
you’ve  got  a  new  class  of  product  called  a  network 
camera. 

These  are  more  advanced  than  simple  Web  cameras, 
and  we  recently  tested  two  — Veo’s  Observer  and  the  Axis 
2130  PTZ  Network  Camera. 

The  Veo  goes  for  $200,  while  the  feature-packed  2130 
PTZ  costs  about  $1,700.  Both  serve  the  same  purpose  — 
connecting  a  camera  to  an  Ethernet  network  and  then 
letting  an  administrator  (or  even  a  guest  user)  view  the 
camera  from  a  Web  browser  from  within  the  LAN  or  over 
the  Internet.  The  higher-priced  2130  PTZ 
includes  features  such  as  the  ability  to 
focus  in  on  faraway  objects. 

The  Veo  Observer  was  easier  to  install 
than  of  anything  we’ve  tried  in  a  long 
time. We  plugged  an  Ethernet  cable  into 
the  port,  then  the  power  cable,  then 
turned  on  the  camera.  Voila  —  the  cam¬ 
era  had  a  nice  little  LCD  display  that 
showed  us  the  last  three  numbers  of 
the  IP  address  it  grabbed  from  our  net¬ 
work’s  DHCP  server.  We  wish  more 
network  equipment  could  be  installed 
like  this. 

Onc»  we  had  our  IP  address,  we  could 
easily  configure  the  camera  from  a  Web 
browser  on  the  same  network.  We  then 
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A  tale  of  two  cameras 


could  assign  user  rights;  change  the  video  window  size; 
and  control  the  pan,  tilt  and  zoom  on  the  camera 
remotely.  We  were  able  to  assign  three  levels  of  users  — 
administrator,  user  (could  control  camera  but  not  assign 
rights)  or  guest  (view  camera  only). 

The  camera  gave  us  a  pretty  good  picture:  Our  frame  rate 
was  about  1 1  frame/sec,  at  a  320-by-240-pixel  window  size. 
You  also  can  view  the  image  at  a  lower  screen  size  (160  by 
120  pixels)  or  higher  size  (640  by  480  pixels). The  camera 
had  three  different  lighting  settings  (normal,  backlight  or 
night)  that  helped  improve  the  quality  of  the  image. 

We  were  disappointed  that  only  one  user  could  access 
the  camera  at  a  time  — Veo  said  it  limited  this  to  lower  the 
price.  This  prevented  us  from  setting  up  an  internal  “Web 
cam”  type  of  application  that  would  let  us  aim  the  camera 
at  the  traffic  outside  our  building  and  have  people  watch 
the  sights. To  do  that  we  would  have  needed  to  set  up  the 
camera  through  a  Web  server. 

The  Axis  2130  PTZ  camera  gave  us 
more  features  and  a  higher-quality  vi¬ 
deo  image,  which  is  what  you’d  expect 
for  the  higher  price.  Setup  was  more 
difficult  than  with  the  Veo.  We  needed 
to  enter  Windows  command-line  mode 
to  assign  the  camera  a  static  IP  address 
before  we  even  connected  the  camera. 
After  connecting,  we  had  the  option  to 
change  the  settings  to  allow  for  a  DHCP 
address  assignment. 

The  Axis  camera  has  three  resolution 
settings:  704  by  480,352  by  240  or  176  by 
112  pixels.  At  the  highest  resolution,  the 
video  was  very  clear.  Like  the  Veo  cam¬ 
era,  we  could  use  a  browser  to  control 


The  Axis  2130  PTZ  displays  an 
amazingly  clear  image. 


Installing  the  Veo  Observer  is  a 
snap,  and  it  easily  can  be  config¬ 
ured  on  the  same  network. 


the 
pan,  tilt 

and  zoom  —  it  has  a 
16x  optical  zoom  that 
lets  you  get  extremely 

close  to  far-away  subjects.  It  also  has  the  ability  to  automat¬ 
ically  focus  and  adjust  the  light  settings. 

At  the  higher  resolutions  we  found  that  it  ate  up  some 
serious  bandwidth  —  we  were  streaming  at  about  3.5M 
bit/sec  at  one  point,  which  slowed  down  a  portion  of  our 
network. That  triggered  an  email  from  our  network  guy 

The  camera  also  let  us  have  multiple  users  viewing  the 
camera  at  the  same  time  —  but  the  “guest”  level  still  let 
users  control  the  camera.This  led  to  everyone  trying  to  tilt 
and  zoom  at  the  same  time, causing  chaos.  We  would  have 
preferred  a  “view"  setting  where  users  couldn’t  control  the 
camera.  We  also  discovered  that  people  with  “user”  rights 
somehow  had  access  to  “admin"  features. 

Overall,  both  cameras  impressed  us,  the  final  choice  on 
a  networked  camera  likely  will  lie  with  your  budget,  pic¬ 
ture-quality  tolerance  and  how  you  want  to  use  the  cam¬ 
era  (security,  monitoring  a  parking  lot  or  just  watching 
who’s  at  the  coffee  machine). 

Shaw  can  be  reached  at  kshaw@nww.com. 


Reading  someone  else's 
copy  of  Network  World? 

Apply  for  your  own 
Free  subscription  today. 


Free  subscription 
(51  Issues) 


To  apply  online  go  to 

subscribenw.com/b02 

■i 


subscribenw.com/  b02 


Apply  for  your 

free 

subscription  today! 

(A  $255  value  -  yours  free) 


[what’s  the  big  idea?] 


You  won’t  know  unless  you  go. 


For  13  years,  the  DEMO  conference  has  consistently 
selected  and  showcased  the  year’s  most  promising, 
cutting-edge  technology  innovations,  offering  live, 
on-stage  demos,  product  test  drives  and  spirited 
discussions  with  the  leaders  who  are  shaping  the 
networking  industry. 


It’s  all  about  the  demos.  Hundreds  of  start-up  and 
established  companies  alike  vie  to  debut  at  DEMO,  but 
only  a  select  few  are  chosen.  Don’t  miss  this  exclusive 
opportunity  to  preview  the  newest,  most  innovative 
products  and  services  demonstrated  in  a  concise, 
consistent  format. 
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register  for  DEMO  2003  today! 
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EDITORIAL 

Network  World 
editorial  management 

Venturing 
forward  with 
10  predictions 

Last  week  we  came  clean  on  our  2002  predictions 
(we  got  about  half  right;  see  www.nwfusion.com, 
DocFinder:  3832),  and  now  it’s  time  to  turn  our 
cracked  glass  on  ’03.) 

•  Call  it  what  you  will  — self-healing,  autonomic  or  util¬ 
ity  computing  —  automation  will  be  all  the  talk.  HR  IBM 
and  Sun  have  come  out  with  platforms,  and  Cisco  has 
devices  that  manage  themselves.This  will  be  the  year  that 
long-term  plans  take  shape. 

•  Web  services  standards  will  continue  on  a  fast  track 
to  maturation,  but  companies  will  continue  to  restrict 
most  projects  to  behind  the  firewall,  and  Web  services 
integration  between  companies  will  remain  a  bleeding- 
edge  adventure. 

•  Server  consolidation  continues  as  users  scramble  to 
economize  by  putting  applications  on  more  powerful 
machines.  Blades  will  take  off  as  a  means  of  consolidat¬ 
ing  management,  but  Intel’s  Itanium  is  still  a  gamble. 

•  We’ll  hear  much  more  about  business  impact  man¬ 
agement,  the  holistic  idea  of  managing  the  network  for 
application  performance  instead  of  managing  the  pieces 
—  networks,  systems,  servers  applications  and  databases. 

•  The  arrival  of  combo  802.1 1  wireless  Ethernet  inter¬ 
face  cards  that  support  802.1  la  (54M  bit/sec)  and 
802.1  lb  (1 1M  bit/sec)  spur  adoption  of  802.1  la  in  the 
enterprise, but  802.1  lb  remains  the  hot-spot  technology 
of  choice.  Cometa  Networks,  the  AT&T/IBM/Intel  effort  to 
build  a  national  public  Wi-Fi  network,  struggles  as  it  tries 
to  figure  out  how  to  make  money. 

•  Voice-over-IP  vendors  trumpet  the  benefits  of  Session 
Initiation  Protocol,  which  is  music  to  the  ears  of  cus¬ 
tomers  holding  off  on  VoIP  investments  because  they 
don’t  want  to  commit  to  VoIP  today,  only  to  have  to 
upgrade  to  SIP  down  the  road. 

•  PC-based  servers  continue  their  ascendancy,  with 
power  and  features  that  rival  high-end  enterprise  boxes. 
What’s  more,  high-end  features  such  as  failover  continue 
to  trickle  down  to  lower-end  boxes.  Fat  PCs  outfitted  with 
Linux  continue  to  be  a  nice  migration  path  for  Sun  Sparc 
customers. 

•  The  Federal  Communications  Commission  loosens 
telecom  regulations,  the  industry  recovers  a  bit  and  it 
starts  to  invest  more,  but  WorldCom  can’t  go  it  alone  and 
is  acquired  by  one  of  the  Bells. 

•  On  the  security  front,  vendors  emphasize  effort  to 
integrate  features  once  found  in  multiple  products  into 
multifunction  boxes  or  core  network  gear. 

•  True  10G  bit/sec  Ethernet  switches  arrive,  but  it’s  still 
early  days,  and  the  equipment  is  too  expensive  to  make 
much  of  an  effect. 

—  Network  World  editorial  management 
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Linux  not  perfect 

I  have  been  a  Linux  user  for  years.  I  use  it  wherever  I 
can  to  replace  Microsoft  systems.  However,  I  have  to 
disagree  with  nearly  every  point  Tony  Fbdrasky 
makes  for  Linux  use  in  his  letter“Linux  is  the  answer” 
(www.nwfusion.com,  DocFinder:  3746). 

Patch  management  —  Linux  needs  it,  just  as  Win¬ 
dows  boxes  do.  A  person  could  use  Windows  for 
Workgroups  3. 1 1  with  an  old  version  of  Office  and 
do  everything  he  needs  to,  and  the  same  holds  true 
for  older  Linux  distributions.  But  to  be  a  secure  oper¬ 
ating  system  that  offers  the  most  in  functionality, 
even  Linux  needs  to  be  updated. 

Licensing  —  It  does  exist;  it  is  just  open  source  and 
free.  However,  more  and  more  Linux  software  is  not 
freely  available  and  requires  a  commercial  license. 

Support  —  Many  corporate  desktop  users  have  a 
lot  of  trouble  utilizing  Windows  and  Macintosh  com¬ 
puters.  I  simply  cannot  imagine  moving  them  to 
Linux  and  expecting  them  to  regain  their  current 
level  of  productivity  We  all  have  users  who  are  com¬ 
pletely  mystified  by  the  concept  of  PCs  and  will  re¬ 
main  so  until  they  die.  Therefore,  support  is  a  big 
issue  for  everyone  except  the  guru. 

Bulletproof  security  —  Running  a  4-year-old  Linux 
installation  with  no  patches  is  a  security  threat.This 
is  true  of  Linux  and  all  operating  systems  with  an 
Internet  connection.  If  an  unprotected,  outdated 
machine  is  visible  from  the  Internet,  it  will  probably 
be  hacked  —  unless  its  user  remains  lucky  runs  the 
most  up-to-date  software,  disables  all  unnecessary 
services,  uses  good  passwords  and  continually  eval¬ 
uates  the  vulnerability  of  his  system. 

Linux  is  a  wonderful  tool,  but  it  is  still  a  long  way 
from  being  perfect. 

John  James 
Springdale, Ark. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  Editor  In 
Chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Information  monster 

I  read  the  newspaper  every  day,  listen  to  the  news  on 
the  radio,  and  still  had  no  idea  the  government  was 
planning  the  monstrous,  revolting  database  Mark 
Gibbs  writes  about  in  his  column,  “The  total  infor¬ 
mation  monster”  (DocFinder:  3747).  Although  may¬ 
be  I’d  have  been  better  off  if  Gibbs  hadn't  written 
about  it,  because  my  lunch  isn’t  sitting  too  securely 
in  my  stomach  right  now. 

Do  we  need  any  more  evidence  that  a  large  per¬ 
centage  of  the  people  in  our  government  have  gone 
insane?  I’m  as  American  as  anyone,  and  I  despair  for 
the  future  of  my  country  —  especially  because  the 
average  person  would  hear  about  this  database  and 
not  be  particularly  bothered  by  the  concept. 

Please  don’t  listen  to  anyone  who  says  you 
shouldn’t  be  reporting  and  commenting  on  issues 
like  this  that  affect  society  in  general.  We  need  you 
to  keep  telling  us  about  this  type  of  outrage. 

C.Goff 
President 
Riley  Communications 
Old  Saybrook.Conn. 

Mark  Gibbs  is  not  thinking  like  a  government  em¬ 
ployee.  Billions  of  dollars  are  wasted  every  year  on 
things  that  sound  good  to  the  bureaucracy,  when  al¬ 
most  everyone  involved  knows  there’s  not  a  chance 
in  hell  the  thing  will  work  as  promised.  What’s  truly 
amazing  is  that  voters  put  up  with  any  of  this. 

The  idea  of  the  Total  Information  Awareness  pro¬ 
gram  alone  is  an  invasion  of  privacy,  just  like  Web 
sites  placing  cookies  on  your  machine  to  track  your 
browsing  habits.  Ben  Franklin  warned  us  that  our 
freedoms  would  not  be  lost  all  at  once, but  would  be 
slowly  eroded  over  time.  He  was  right. 

Those  who  give  up  their  freedoms  for  security  de¬ 
serve  neither. Try  telling  that  to  the  American  public. 

Mark  Smith 
Garden  Valley  Calif. 
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PERFORMANCE  ISSUES 

Brad  Chen 


How  to  read  an  SLA 


Many  Internet  and  content  delivery  network  service  providers 
offer  service-level  agreements  that  might  sound  impressive  — 
until  you  read  the  fine  print. 

SLA  weaknesses  fall  into  two  categories:  weak  guarantees  and 
weak  enforcement.  An  example  of  a  weak  guarantee  is  “less  than  1% 
packet  loss.”  In  some  situations,  1%  seems  quite  small  (for  example, 
“1%  of  students  got  an  A  in  the  course”).  In  others,  1%  is  huge  (“1% 
of  the  tires  were  defective”).  On  the  Web,  1%  packet  loss  is  quite  large; 
two  lost  packets  for  the  200  packets  that  a  typical  home  page 
requires.  Unfortunately,  each  lost  packet  tends  to  have  a  noticeable 
performance  penalty  as  a  result  of  factors  such  as  network  timeouts 
and  slow  paths  through  protocol  code.  So  if  your  ISP  delivers  any¬ 
thing  close  to  1%  average  packet  loss,  look  for  a  new  ISP 
1  found  other  examples  of  weak  guarantees  in  ISP  availability  met¬ 
rics.  One  vendor  promised  100%  availability  but  defined  an  avail¬ 
ability  incident  as  an  hour  or  more  of  100%  packet  loss. So  59-minute 
outages  and  periods  of  90%  packet  loss  aren’t  availability  problems 
for  this  SLA.  Another  SLA  promised  10-minute  resolution  of  outages 
but  didn’t  indicate  if  degraded  service  was  considered  an  outage. 

Scope  limitations  are  a  third  example  of  a  weak  guarantee.  Most  ISPs 
will  guarantee  round-trip  performance  only  within  their  networks. 
However,  most  Web  user  requests  must  traverse  multiple  major  ISPs  to 
reach  your  servers,  as  the  largest  providers  host  less  than  50%  of  end 
users.  Large  sites  often  use  multiple  ISPs,  providing  better  connections 
to  more  end  users. 


In  fairness,  intranetwork  performance  is  the  only  thing  ISPs  directly 
control.  Beware  of  promises  about  performance  across  the  entire  Inter¬ 
net  —  they  are  an  example  of  weak  enforcement.  One  SLA  had  a  decent 
performance  guarantee  for  domestic  U.S.  traffic  (55-msec  round-trip 
time)  but  weakened  it  with  enforcement  based  on  traffic  from  auto¬ 
mated  test  clients  located  within  the  provider’s  network.The  result  is  no 
more  of  an  end-to-end  guarantee  than  the  intranetwork  promise. 

The  most  common  enforcement  problems  arise  from  statistical  treat¬ 
ments  applied  to  SLA  metrics.  Performance  and  packet-  loss  guarantees 
commonly  are  based  on  monthly  averages.  Note,  however,  that  the 
Internet  is  exceptionally  fast  during  off-peak  hours.  A  few  hours  of  poor 
performance  during  the  day  disappear  when  statistically  blended  with 
hours  of  excellent  performance  at  night.  So  a  service  provider  with  bad 
performance  could  satisfy  what  seemed  like  a  tough  SLA.  Conclude 
that  SLAs  based  on  monthly  averages  are  weak. 

In  defense  of  the  service  providers,  SLAs  are  weak  for  a  good  rea¬ 
son:  The  Internet  is  a  federation.  Perhaps  a  weak  promise  is  better 
than  no  promise  at  all.  My  advice:  Demand  an  SLA  from  your  ISP  then 
read  and  understand  it.  Your  service  provider  should  know  you 
understand  the  SLA  and  will  be  looking  for  a  new  provider  long 
before  the  SLA  terms  are  invoked. 

Chen  is  CTO  for  Appliant,  a  Seattle  firm  specializing  in  end-user 
experience  management  for  Internet-  and  intranet-based  services.  He 
can  be  reached  at  brad.chen@acm.org. 


SLA  weaknesses 

fall  into  two 
categories:  weak 
guarantees 
and  weak 
enforcement. 


CACHE  ADVANCE 

Linda  Musthaler 


artner  recently  reported  that  many 
companies  are  extending  the  life 
spans  of  their  PCs  by  not  refreshing 
them  as  often  as  before.  It  was  fairly  common  to  see  a  three-year 
refresh  cycle,  so  that  every  year,  one-third  of  a  company’s  PCs  were 
retired  as  new  PCs  came  in  the  door.  Now,  according  to  Gartner, 
improved  technology  and  shrinking  IT  budgets  have  induced  many 
companies  to  replace  PCs  every  four  years. 

I’m  in  favor  of  the  more-frequent  refresh  rate.  It  costs  a  lot  of  money 
to  replace  a  third  of  your  PCs  every  year,  but  the  cost  of  not  replacing 
them  is  even  higher.  Plus,  there  are  good  technology  reasons  for 
wanting  the  latest  and  greatest  PCs  on  the  market  today. 

The  cost  to  support  a  PC  each  year  is  anywhere  from  three  to  five 
times  higher  than  the  cost  to  purchase  the  PC  in  the  first  place. 
Depending  on  where  you  get  your  numbers  —  Gartner,  Forrester, 
Fortune ,  The  Economist  or  elsewhere  —  the  research  indicates  that 
average  annual  support  costs  can  range  from  $5,000  to  $10,000 
per  PC. 

What’s  more,  as  the  PC  ages,  the  annual  costs  go  up  because  more 
maintenance  is  needed.  Gartner  reports  that  a  typical  support  call 
can  cost  between  $35  and  $50.  A  longer  call  can  cost  hundreds  of 
dollars.  It’s  not  the  newer  PCs  that  typically  need  chronic  care;  it’s  the 
older  PCs  that  probably  don’t  even  have  a  book  value  of  $100.  With 
warranties  on  older  PCs  expiring,  repairs  are  more  expensive.  In  addi¬ 
tion,  user  self-help  is  easier  when  the  technology  is  newer. 

Older  PCs  are  likely  to  have  missed  some  critical  maintenance 
activities  through  the  years,  such  as  defragmenting  the  disk,  unin¬ 
stalling  files  that  are  no  longer  needed  and  applying  software 
patches.  Each  missed  maintenance  opportunity  is  a  help  desk  call 
waiting  to  happen. 

Because  most  support  problems  are  related  to  software, you  might 
be  tempted  to  upgrade  just  the  operating  system  and  leave  the  old 
hardware  in  place.  I  say,  replace  them  both.  These  days,  the  pur¬ 
chase  price  of  a  new  desktop  (monitor  not  included)  can  be  as 
low  as  $800, and  that’s  not  a  stripped-down  model.  Most  likely  it  will 


Examining  the  PC  upgrade  cycle 


come  preconfigured  with  Windows  XP  and  very  good  application 
software. 

Replacing  the  hardware  assures  that  you  can  run  the  latest  soft¬ 
ware.  Even  though  Microsoft  set  the  hardware  bar  relatively  low  for 
running  XP  you  really  wouldn’t  want  to  put  XP  on  an  older  PC.That’s 
akin  to  putting  a  fresh  coat  of  paint  on  a  beat-up,  old  car. The  surface 
might  look  great,  but  the  engine  is  getting  tired. 

The  new  Intel  chips  going  into  PCs  today  are  10  times  faster  than 
those  that  went  into  PCs  just  a  few  years  ago.  Users  tend  to  blame 
the  operating  system,  the  software  or  the  Internet  connection  when 
the  PC  seems  sluggish.  Could  it  be  that  the  CPU  of  the  4-year-old  PC 
just  can’t  keep  up  with  today’s  processing  demands?  Some  com¬ 
mon  CPU-intensive  activities  that  could  use  the  boost  of  a  new 
processor  chip  are  editing  images  or  video  clips,  background  virus¬ 
scanning,  number-crunching  in  databases  and  spreadsheets,  and 
even  gaming  and  ripping  CDs  and  DVDs.  Intel’s  new  hyperthread¬ 
ing  technology  boosts  those  kinds  of  activities  like  there’s  no 
tomorrow. 

Maintaining  a  short  list  of  corporate  standards  is  another  good  rea¬ 
son  to  keep  PC  life  cycles  to  three  years  or  less.  With  older  PCs  in  your 
company’s  mix,  you’ll  have  to  support  multiple  operating  systems 
and  hardware  platforms.You’ll  need  to  keep  an  inventory  of  parts  for 
numerous  PC  models,  and  maybe  even  multiple  manufacturers.Your 
staff  needs  to  know  how  to  support  the  old  and  the  new.  In  short,  the 
broader  the  array  of  models  and  products  you  support,  the  higher 
the  support  costs. 

Of  course,  I’m  preaching  to  the  choir  on  this  issue.  You  know  my 
assertions  are  true.  It’s  your  CFO  who  needs  to  see  that  old  dogs  in 
the  PC  arsenal  cost  the  company  more  money  Maybe  my  arguments 
will  help  support  your  case.  If  not,  just  show  the  CFO  the  numbers  of 
what  it  takes  to  support  the  old  vs.  the  new  devices  in  your  midst.  It 
won’t  take  creative  accounting  to  prove  this  case. 


It  costs  a  lot  of 
money  to  replace 
a  third  of  your 
PCs  every  year, 
but  the  cost  of 
not  replacing 
them  is  even 
higher. 


Musthaler  is  vice  president  of  Currid  &  Company,  a  technology 
assessment  firm  in  Houston.  She  can  be  reached  at  linda@currid.  com. 
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PoliVec  Suite 

Makes  setup, 
maintenance  of 
security 
policies  easy 


EH  BY  MANDY  ANDRESS,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 

stablishing  and  maintaining  security  policies  across  a  corporate  network 
is  a  necessary  hassle.  The  good  news  is  that  PoliVec  s  suite  of  security 
tools  —  Builder,  Scanner  and  Enforcer  —  smoothes  out  the  process. 
Builder  is  the  best  component  of  the  suite,  providing  an  easy  way  to 
develop  strong  security  policies.  Enforcer  is  a  more  complicated  tool,  requiring 
quite  a  bit  of  configuration^  process  that  could  be  simplified. 


FbliVec  Builder  has  a  graphical  user  interface  that  helps  you  quickly  develop  an  enter¬ 
prise  security  policy  according  to  best  practices  for  physical  security  e-mail  security 
network  access,  remote  access,  authentication,  incident  response  and  security  train¬ 
ing.  You  also  can  define  your  own  policy  statements.  Builder  even  includes  templates 
to  help  organizations  develop  policies  that  adhere  to  regulations  such  as  the  Health 
Insurance  Portability  and  Accountability  Act  and  the  Gramm-Leach-Bliley  Act,  which 
governs  financial  institutions. 

Starting  with  Policy  Editor,  you  select  policies  and  best  practices  as  the  first  step  in 
developing  a  policy  document.  Many  of  the  policies  have  attributes  that  can  be  cus¬ 
tomized  for  your  organization. 

The  best  feature  in  Builder  is  the  ability  to  create  implementation  standards  based 
on  your  policy  Implementation  standards  are  detailed  instructions  that  show  admin¬ 
istrators  how  to  configure  their  servers  to  adhere  to  the  security  policy 

PoliVec  Scanner  taps  into  the  policy  document  to  audit  systems  and  determine  if 
they  are  configured  correctly  Scanner  analyzes  systems  for  password  policies,  registry 
settings, audit  trail  settings,  trust  relationships, Windows  NT  File  System  (NTFS)  settings 
and  account  management.  Scanner  also  includes  a  password  cracker  to  test  end-user 
passwords  to  ensure  they  follow  defined  policies.  By  analyzing  registry  settings, 
Scanner  also  can  determine  which  security  patches  are  missing  from  the  system. 

You  can  schedule  scans  to  run  automatically  and  can  customize  the  password¬ 
cracking  dictionary  to  include  key  words  that  end  users  might  be  inclined  to  use  in 
their  password. 

Security  policies  from  Builder  can  be  imported  to  use  as  the  baseline  for  scanning. 
Customized  policies  also  can  be  defined  and  used  as  the  basis  for  a  scan.  One  caveat 


Net  Results 


PoliVec  Suite  -  Builder,  Scanner  and  Enforcer 


3.9 

RATING 


Company:  PoliVec;  www.polivec.com  Cost:  Builder;  $7,500; 
Scanner,  $10,000;  Enforcer,  $30,000.  Pros:  Easy  to  use;  develops 
best  practice  security  policy  in  minutes;  implementation  standards 
provide  excellent  directions  for  system  configuration.  Cons: 
Some  components  are  Windowscentric. 


PoliVec  Suite 


Performance  35% 
Ease  of  use  25% 
Manageability  25% 
Snstallation/Documentation  15% 


4 

4 

4 
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TOTAL  SCORE  [  3.9 


Individual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given 
each  category  in  determining  the  total  score.  ■  Scoring  Key:  5:  Exceptional  showing  in  this 
i'.'gory.  Defines  the  standard  of  excellence.  4:  Very  good  showing.  Although  there  may  be  room 
;  i  'i  rovement,  this  product  was  much  betterthan  the  average.  3:  Average  showing  in  this 
iti-vor,  Product  was  neither  especially  good  nor  exceptionally  bad.  2:  Below  average.  Lacked 
scio.'  ‘e.  i  s  or  lower  performance  than  other  products  or  than  expected.  1:  Consistently  subpar, 
or  ,ac  ig  features  being  reviewed. 


■  How  we  did  it 


We  installed  PoliVec  Builder,  Scanner  and  Enforcer  on  an  Intel  Pentium 
III  system  with  128M  bytes  of  RAM  running  Windows  2000,  SP3.  We 
created  an  initial  security  policy  based  on  the  default  template.  We 
then  imported  the  policy  into  Scanner  and  audited  five  Win  2000  and  XP  sys¬ 
tems  on  the  test  network.  We  then  imported  the  policy  into  Enforcer  and  moni¬ 
tored  five  Win  2000  and  XP  systems,  changing  system  configurations  to  trigger 
defined  alerts.  We  also  repeated  these  tests  using  a  custom  security  policy. 


is  that  Scanner  only  works  with  Windows  NT,  2000  and  XP  machines. 

The  results  of  the  audit  are  all  stored  centrally  You  can  generate  multiple  reports, 
such  as  displaying  the  audit  results  of  a  scheduled  scan,  audit  results  for  a  specific 
group  of  systems,  or  comparing  trend  information  of  several  audits  for  one  system. 

One  of  the  best  features  of  Scanner  is  its  ability  to  correct  identified  issues  on  remote 
systems  in  real  time  from  the  central  console.  Issues  such  as  improper  NTFS  permis¬ 
sions,  incorrect  password  policies,  and  incorrect  account  settings  can  be  changed 
immediately  conforming  the  system  to  your  organization’s  security  policy. 

Enforcer  provides  continuous  monitoring  of  specific  systems  for  adherence  to  cor¬ 
porate  security  policy  You  can  monitor  all  your  systems,  or  select  groups  of  systems. 
The  policy  created  in  Builder  is  imported  into  Enforcer  as  the  enforcement  policy 

Enforcer  agents  are  installed  on  each  system.  In  addition  to  agents,  Enforcer  also  has 
three  other  components  —  Agent  Manager,  Controller  and  Console.  Agent  Manager 
manages  the  agent  communications.  Controller  manages  the  entire  system,  and  Con¬ 
sole  is  the  graphical  interface  used  for  administration  and  report  viewing. 

Administrators  can  configure  alarm  profiles  for  attributes  of  the  monitored  device. 
These  profiles  are  a  collection  of  rules  that  make  the  escalation  process  very  flexible. 
When  an  alarm  was  triggered,  these  escalation  procedures  were  followed  perfectly  in 
our  tests.  Enforcer  can  take  various  actions,  such  as  send  an  e-mail  or  page,  or  ignore 
them  until  the  alarm  is  triggered  a  certain  number  of  times. 

Enforcer  offers  role-based  administrator  access.  It  supports  three  roles:  Data  Admin¬ 
istrator,  which  allows  access  to  all  the  information  editors,  the  term  used  in  Enforcer 
to  describe  the  configuration  screens;  Administrator,  which  has  access  to  everything 
monitored  by  the  product;  and  Monitor,  which  only  has  access  to  the  Control  Panel 
and  Reports. 

As  with  other  FbliVec  products,  comprehensive  reports  are  available  in  a  variety  of 
formats.  With  Enforcer,  there  are  reports 
with  detail  alarms,  date/time,  alarm 
type  and  status  for  multiple  agents  or 
only  one  agent. 

The  FbliVec  product  suite  provides  a 
strong,  easy-to-use  tool  set  to  let  organi¬ 
zations  develop,  implement  and  en¬ 
force  strong  security  policies. 


Andress  is  president  ofArcSec  Technol¬ 
ogies,  a  security  company  focusing  on 
product  reviews  and  analysis.  She  can 
be  reached  at  mandv@arcsec.com. 


Global  Test  Allia 


mm 

■  Andress  is  also  a  member  of  the 
Network  World  Global  Test  Alliance,  a  coop¬ 
erative  of  the  premier  reviewers  in  the  net¬ 
work  industry,  each  bringing  to  bear  years 
of  practical  experience  on  every  review.  For 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 


Dell  servers  use  cost  effective,  industry-standard 
technology  such  as  Intel ®  Xeon”  processors. 
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Computing  Clusters. 

Want  to  reinvent  your  data  center?  Follow  the  leader. 
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Dell  |  Enterprise 

The  world  of  supercomputing  has  changed.  No  longer  does  a  business  have  to  rely  on  expensive,  proprietary  systems  to  run  mainframe 
applications.  Let  Dell,  the  leader  in  high  performance  computing  clusters,  bring  a  singular  focus  on  TCO  to  your  data  center.  Built  on  flexible,  cost-effective 
Intel®  Xeon”-  processor  technology,  Dell  High  Performance  Computing  Clusters  can  help  you  make  an  impact  within  your  organization  that  goes  far 
beyond  IT.  What  can  Dell  High  Performance  Computing  Clusters  provide  your  business? 

•  Instant  scalability.  Dell  HPCCs  give  you  the  ability  to  grow  in  overall  capacity  and  to  meet  high  usage  demand  as  the  need  arises. 

•  Enhanced  availability.  With  a  Dell  HPCC,  the  system  as  a  whole  stays  highly  available,  even  with  the  removal  of  any  single  failure  point 
in  hardware  or  software. 

•  Enterprise-level  service  and  support.  Full,  24/7  commitment  from  design  to  implementation  to  on-site'  or  online  support. 

•  Improved  system  manageability.  Dell's  Intelligent  IT  portfolio  gives  you  the  tools  and  services  to  automate  the  deployment,  management 
and  maintenance  of  your  IT  infrastructure.  The  result?  Lower  TCO. 

For  nearly  20  years,  we've  revolutionized  the  way  the  world  buys  and  manages  technology.  Now  see  how  we're  revolutionizing  the  world  of 
High  Performance  Computing.  To  put  a  Dell  HPCC  to  work  for  your  business,  call  1-866-257-3355  or  click  Dell.com/hpcc. 


High  performance  computing  that  can  lower  TCO.  Easy  as 


Click  www.dell.com/hpcc  Call  1-866-257-3355 

toll  free 

Service  may  be  provided  by  third-party.  Technician  will  be  dispatched  if  necessary  following  phone-based  troubleshooting.  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract  Service  timing  dependent  upon  time  of  day  call  placed  to  Dell  U  S  only.  Intel,  tf-o  i  n 
logo  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  Dell,  the  Dell  logo  and  PowetEdge  are  registered  trademarks  of  the  Dell  Computer  Corporation  ©2003  Dell  Computer  Corporation  All  rights  reserved 
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VCON’s  IPNexus 

Enterprise  IM 
and  collabora¬ 
tion  gets 
smarter  and 
easier 
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ompanies  concerned  about  security  threats  with  public  instant-messaging 
services  are  looking  at  enterprise  instant-messaging  products  as  a  way  to 
allow  for  real-time  text  communications  without  sacrificing  security  and 
manageability  A  product  on  the  short  list  for  companies  should  be  VCON’s 
IPNexus  system.  IPNexus  is  independent  of  existing  enterprise  messaging  infrastruc¬ 
tures  (others  include  i3Connect’s  Merlin  andTipic’s  Instant  Messaging  Platform). This 
differs  from  Microsoft’s  Exchange  2000  IM  services  and  IBM’s  Lotus  Sametime. 


The  IPNexus  system  supports  instant  text  messaging,  and  can  escalate  to  real-time, 
full-featured  collaboration  sessions.  From  the  same  user  interface,  users  can  launch 
and  manage  point-to-point  or  multipoint  H.323  videoconferences  (as  long  as  they 
have  a  camera  and  speakers).This  review  looked  only  at  the  real-time  messaging  and 
desktop  collaboration  tools. 

We  found  well-integrated  and  distinct  features  designed  to  support  real-time  desktop 
communication  and  collaboration. All  the  features  were  easy  to  use,  produced  imme¬ 
diate  results  and  promised  to  keep  electronic  meetings  focused  on  business  rather 
than  on  the  technology 

Installation  and  configuration 

The  IPNexus  1.5  system  consists  of  a  tower  or  rack-mount  appliance  that  runs 
VCON’s  Multimedia  Exchange  Manager  (MXM)  Release  3.1  software  and  IPNexus  ser¬ 
ver  software  on  a  Windows  2000  platform.  It  also  comes  with  a  client  application,  a 
2.5M-byte  program  that  installs  on  users’  PCs. 

An  IPNexus-specific  file  (“WebShare  class”)  must  be  installed  in  a  directory  where 
the  server  application  consistently  can  access  local  or  remote  FTP  and  Web  server  vir¬ 
tual  directories  and  services.  FTP  and  Web-access  configuration  experience  is  helpful 


Net  Results 


VG0N  IPNexus 


Company:  VCON,  (800)  418-5328,  www.vcon.com/products/ 
servers/IPNexus  Cost:  $12,000  for  25-user  tower  system  with  1- 
year  software  maintenance  contract,  administration  tools  (MXM 
3.1)  and  unlimited  client  installations;  $14,000  for  equivalent 
configuration  in  rack-mountable  server.  Licenses  for  additional  concurrent 
registrations  available  in  eight  levels;  $68/concurrent  user  for  1,000-concurrent- 
user  license.  Pros:  Turnkey  product;  easy  to  use  for  instant  text  communications 
and  ad  hoc  or  scheduled  desktop  collaboration;  very  low  latency;  numerous 
messaging  and  conferencing  tools  support  wide  range  of  individual  preferences 
and  collaboration  without  disrupting  business  processes.  Cons:  Not  integrated 
with  other  enterprise  messaging,  calendaring  or  productivity  applications;  no 
buddy  list;  limited  administrative  options. 


4.1 

RATING 


I  \  • 


What's  the  score? 


IPNexus 


Features  50% 

5 

Management/administration  20% 

3 

Installation  20% 

3 

Documentation  10% 

4 

TOTAL  SCORE 

4.1 

Individual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given 
each  category  in  determining  the  total  score.  ■  Scoring  Key:  5:  Exceptional  showing  in  this 
category.  Defines  the  standard  of  excellence.  4:  Very  good  showing.  Although  there  may  be  room 
for  improvement,  this  product  was  much  better  than  the  average.  3:  Average  showing  in  this 
category.  Product  was  neither  especially  good  nor  exceptionally  bad.  2:  Below  average.  Lacked 
seme  ft  -itures  or  lower  performance  than  other  products  orthan  expected.  1:  Consistently  subpar, 
or  'acking  features  being  reviewed. 


for  proper  installation,  and  administrator-level  rights  to  FTP  and  Web  servers  must  be 
given  to  receive  the  IPNexus  files. 

The  IPNexus  client  software  runs  on  any  Windows  95  or  later  operating  system,  and 
it  installed  without  fanfare.  It  configured  easily  letting  the  user  select  which  IPNexus 
server  the  application  should  register  to  (the  client  can  only  register  to  one  server  at 
a  time). The  client  also  lets  users  select  a  screen  name,  or  use  a  system  login  name, 
and  lets  them  set  personal  preferences,  such  as  the  client  behavior  when  invited  by 
the  server  to  join  a  session. Then  the  client  quietly  parks  itself  in  the  system  tray  until 
called  on.  Clients  can  be  installed  on  any  number  of  PCs  in  a  corporation,  but  an  MXM 
license  key  controls  the  number  of  simultaneous  clients  any  single  IPNexus  server  will 
register  (concurrent  logons).The  MXM  is  a  mature  “super  Gatekeeper”  and  application 
server,  and  has  many  valuable  management  and  administration  features.  It  is  a 
required  component  of  IPNexus. 

Client  applications 

The  IPNexus  client  application  includes  instant  messaging,  QuickNotes  and  Quick- 
Polls  —  we  found  them  very  easy  to  use.Double-clicking  on  the  system  try  icon  dis¬ 
plays  the  clients  directory  and  session  initiation  console,  which  lists  the  names  of  the 
users  alphabetically  by  name  or  department.  We  were  disappointed  that  we  couldn’t 
organize  users  as  in  a  buddy  list.Also  the  concept  of  “presence,”  indicating  when  bud¬ 
dies  are  active  or  inactive,  is  missing  from  the  IPNexus  directory  paradigm. 

After  selecting  one  or  more  names  from  the  directory,  the  user  clicks  on  a  button  to 
create  an  instant  virtual  room  for  a  chat  session.  Invitees  can  accept  or  decline  the 
invitation.  Chat  users  can  change  font  type, size,  and  color  (as  well  as  bold,  italic  and 
underline)  in  their  messages.  Sound  effects  can  be  added,  which  enhances  commu¬ 
nications  similar  to  the  way  emoticons  (happy  face,  sad  face  and  the  like)  are  sup¬ 
ported  in  most  public  instant-messaging  clients. 

The  QuickNote  application  lets  users  create  a  “sticky  note”  that  disappears  from  the 
sender’s  screen  and  appears  on  the  recipient’s  screen  where  it  “floats”  on  the  desktop 
until  the  recipient  closes  the  note  or  replies.  The  QuickFbll  application  lets  the  user 
create  True/False  questions  and  multiple-choice  polls,  such  as  “What  would  you  pay 
for  this  product?  A)$0.00  B)$25.00  C)$250.00.”This  is  a  very  easy  applet  to  use  and  an 
effective  way  to  quickly  get  feedback  without  interrupting  colleagues’ workflow. 

Meatier  features 

The  range  of  integrated  features  for  Web  conferencing  and  collaboration  propel 
IPNexus  up  the  list  of  enterprise  instant-messaging  products.  Any  company  that  con¬ 
sistently  uses  commercial  Web-conferencing  services  (such  as  WebEx,  Placeware  or 
Raindance)  for  small  interactive  group  events  (customer  presentations  or  workgroup 
meetings)  will  quickly  appreciate  the  collaborative  features  of  the  IPNexus  system. 
Having  the  server  in-house  can  significantly  reduce  recurring  expenses  associated 
with  the  Web-conferencing  services.  (See  sidebar,  page  37)  We  found  IPNexus  much 
easier  to  use  and  more  responsive  for  ad  hoc  or  scheduled  meetings  than  applications 
offered  by  commercial  hosted  services,  Microsoft  NetMeeting  or  Windows  XP-based 
Windows  Messenger  tools  —  even  on  a  heavily  loaded  server. 

Dragging  and  dropping  a  file  from  a  local  directory  onto  the  IPMessenger  text 
chat  portion  of  the  application  has  two  immediate  outcomes:  it  sends  the  file  via 
FTP  to  the  preconfigured  FTP  server  (from  which  other  participants  can  download 
the  file  to  their  local  systems)  and  it  creates  an  HTTP-friendly  version  of  the  file.The 

See  IPNexus,  page  37 
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■  BY  PAUL  FERRILL 

Having  users  get  their  e-mail  while  on 
the  road  is  a  big  challenge  for  small  and 
midsize  companies  that  don’t  have  a 
remote-access  system  such  as  dial-up 
modems  or  hardware/software  VPN  over 
the  Internet.  Windows  XP  ships  with  a 
remote  control  feature,  but  there  are  secu¬ 
rity  risks  that  many  wouldn’t  be  comfort¬ 
able  with,  such  as  the  potential  for  mali¬ 
cious  use  of  the  Remote  Assistance  fea¬ 
ture  intended  to  let  someone  trou¬ 
bleshoot  your  machine  remotely. 

The  LapLink  Everywhere  service  hopes 
to  answer  the  call  for  remote  access  in  a 
simple,  secure  and  inexpensive  fashion. 
The  basic  subscription  service  lets  you 
access  up  to  three  computers  remotely 
The  company  also  sells  a  corporate  ver¬ 
sion  for  larger  companies. 

LapLink  Everywhere  takes  a  slightly  dif¬ 
ferent  approach  than  other  service-based 


LapLink's  LapLink  Everywhere 


offerings  such  as  GoToMyPC.  LapLink 
Everywhere  installs  a  small  agent  on  the 
machine  that  you  want  the  remote  user  to 
connect  to.  The  agent  reads  the  Outlook 
files  to  provide  access  to  e-mail,  contacts, 
calendar,  notes  and  tasks,  and  then  com¬ 
municates  with  a  server  (the  MyLapLink. 
com  Web  site)  over  a  secure  link.  It  also 
provides  access  to  local  files  and  remote 
database  applications. 

To  connect  to  a  remote  computer  (say 
you  want  to  connect  remotely  to  your  home 
computer),  the  computer  must  have  an 
“always  on”  connection  such  as  DSL  or 
cable  modem.  In  contrast,  GoToMyPC  imp¬ 
lements  a  remote  control  program  that  lets 
you  remotely  access  your  machine  as  if  you 
were  sitting  in  front  of  it. 

The  LapLink  Web  interface  is  very  clean, 
with  a  list  of  functions  on  the  left  side  and 
a  large  working  area  displaying  the  cur¬ 
rent  application  (tasks, calendar, e-mail)  in 
the  main  part  of  the  screen. 


Migrating  through  multiple  firewalls  is 
no  problem  for  LapLink  Everywhere.  We 
installed  the  product  on  a  desktop  behind 
a  NetGear  router  that  implements  network 
address  translation  and  a  firewall.  In¬ 
stalling  the  software  and  connecting  to 
the  LapLink  server  took  less  than  5  min¬ 
utes.  We  were  able  to  access  the  machine 
from  a  variety  of  outside  locations,  includ¬ 
ing  several  behind  a  very  strong  firewall. 
Every  location  we  tested  from  worked 
without  a  problem. 

LapLink  Everywhere  also  comes  with 
basic  monitoring  tools  that  show  connec¬ 
tion  requests,  active  connections,  e-mail 
and  e-fax  activities,  file  transfers,  pro¬ 
cessed  forms  and  database  requests.  All 
this  information  is  maintained  on  the 
local  computer  and  is  available  through 
the  client  interface. 

Overall,  the  program  provides  remote 
access  very  well,  although  you  still  might 
want  to  consider  the  security  implications 


LapLink  Everywhere 


LapLink 
Bothell,  Wash. 
www.laplink.com 


Cost:  $89  per  user  per  year. 

Pros:  Easy  to  use,  secure  remote 
access  to  e-mail,  contacts, 
calendar  and  files;  uses  standard 
Web  protocols  and  a  Web 
browser;  no  problem  with 
firewalls. 

Cons:  Target  computer  must  be  left  on 
—  could  be  a  security  problem 
for  some  operating  systems. 


of  leaving  your  desktop  computer  running 
all  the  time. 

Ferrill  can  be  reached  at  Paul.Ferrill@ 
verizon.net. 


IPNexus 

Continued  from  page  36 


HTTP  version  appears  as  a  URL  in  the  text 
chat  window.  The  IPSnapShot  application 
lets  a  user  select  an  area  of  the  screen  and 
convert  it  to  a  JPEG  image  for  chat  session 
users  to  see. 

We  were  impressed  by  the  intuitiveness 
and  low  latency  of  these  features.  Com¬ 
pared  with  other  technologies  we’ve  evalu¬ 
ated,  using  IPNexus  for  desktop  conferenc- 


Considering  the 
payback  behind 
IPNexus  servers 


If  your  company  spends  $1,000 
(for  2,000  minutes  of  conferenc¬ 
ing  services,  at  50  cents  per 
minute  per  user)  per  month,  the  IP¬ 
Nexus  server  would  be  paid  for  in  12 
months,  on  the  basis  of  avoiding 
recurring  service  costs.  If  your  com¬ 
pany’s  employees  reduce  their  use  of 
e-mail  and  voice  mail  as  a  result  of 
access  to  text  chat  and  instant  mes¬ 
saging,  you  might  want  to  include 
deferring  the  expense  of  increasing 
messaging  capacity.  Companies 
thinking  about  return  on  investment 
also  should  consider  the  cost  savings 
or  revenue-generating  results  of 
faster  and  more  informed  decision¬ 
making  among  collaborators. 

—  Christine  Perey 


ing  is  virtually  instantaneous  and  diverts  lit¬ 
tle  attention  from  the  meeting. We  also  were 
impressed  that  these  sessions  were  essen¬ 
tially  peer  to  peer.  Within  a  session,  partici¬ 
pants  can  use  any  of  the  applications  at 
their  disposal  without  requesting  and  wait¬ 
ing  for  the  server  to  transfer  control,  or  wait¬ 
ing  for  someone  to  upload  a  file  to  the  host 
server.  Except  for  the  file  transfer  feature,  all 
the  contents  of  the  meeting  remain  on  the 
local  participant’s  system. 

Security,  Authentication,  Archives 
and  Auditing 

Configuration  and  administration  win¬ 
dows  are  password-protected  on  the  IP¬ 
Nexus  server  (through  the  MXM  manage¬ 
ment  console). When  the  server  is  inside  a 
firewall,  the  messaging  traffic  does  not 
expose  a  company  to  the  same  security 
threats  posed  by  public  instant-messaging 
services.  Remote  users  connect  to  the  ser¬ 
ver  over  a  VPN,  and  are  exposed  at  the 
same  level  as  e-mail  traffic  over  the 
Internet  (the  message  traffic  itself  is  not 
encrypted). 

However,  when  the  server  registers 
clients,  it  does  not  require  a  password.  A 
user  on  an  intranet  or  the  Internet  could 
obtain  the  IP  address  of  an  IPNexus  server 
and  register  under  a  false  screen-name, 
causing  other  users  registered  to  the  same 
server  to  not  be  able  to  distinguish  friend¬ 
ly  users  from  hostile  ones. 

As  is  industry  norm,  IPNexus  1.5  does  not 
generate  an  activity  log,  capture  activity 
between  users  to  an  archive  or  support  any 
form  of  traffic  auditing.  Even  when  these 
features  are  built  into  instant-messaging 
products,  their  use  has  been  for  specific 
financial  applications,  and  most  users  feel 
uncomfortable  knowing  or  learning  that 


How  we  did  it 


We  connected  the  self-contained  IPNexus  tower  server  and  assigned  it  an 
internal  IP  address  via  Ethernet  network  to  a  BayStack  350 T  Switch. 
Configuration  of  FTP  and  Web  services  was  performed  on  the  local  server 
fortesting  purposes;  however,  we  separately  registered  clients  viaT-1  (through  a 
network  address  translation  device  in  one  case  and  a  VPN  client  in  another)  with 
two  Internet- based  IPNexus  demonstration  servers  to  test  WebShare  features  and 
compare  feature  performance  on  servers  located  across  the  country  (23  hops 
between  California  to  Atlanta  during  business  hours)  and  on  a  server  with  more 
than  50  simultaneous  users. 

IPNexus  client  software  was  installed,  and  tests  were  conducted  with  Windows 
98  SE,  Windows  2000  Professional,  Windows  XP  Home  Edition  and  Windows  XP 
Professional  operating  systems. 


their  sessions  are  monitored  and  archived.  A 
organization  that  needs  to  monitor  instant¬ 
messaging  traffic  for  Security  and  Exchange 
Commission  regulations,  for  example, 
couldn’t  monitor  traffic  with  this  product. 

Documentation  and  conclusion 

Because  the  applications  conform  to 
Microsoft  Windows  conventions,  the  IP¬ 
Nexus  Getting  Started  Guide  was  sufficient. 
Although  not  necessary  for  the  instant  mes¬ 
saging  and  collaboration  features,  a  detailed 
and  useful  MXM  Administrator’s  guide  is 
included  with  the  system. 

We  think  the  IPNexus  system  represents  a 
significant  addition  to  VCON’s  portfolio.  We 
think  it  will  appeal  to  companies  seeking 
an  alternative  to  public  instant-messaging 
services,  and  offers  some  relief  from  com¬ 
mercial  conferencing  service  providers’  fee. 
We  believe  that  the  system’s  turnkey  pack¬ 
aging  and  architecture  would  appeal  most 
to  workgroups, small  or  midsize  customers. 


Perey  is  president  of  Perey  Research  & 
Consulting,  a  market  research  and  business 
development  consulting  company  helping 
companies  design  and  deliver  networked 
multimedia  solutions  to  market  for  en¬ 
hanced  enterprise  communications.  She 
can  be  reached  at  cperey@perey.com. 


■  Perey  also  is  a  member  of  the  Net¬ 
work  World  Global  Test  Alliance,  a  coopera¬ 
tive  of  the  premier  reviewers  in  the  net 
work  industry,  each  bringing  to  bear  ywrs 
of  practical  experience  on  every  review.  El¬ 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 
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Barry  Nance 


Documentation  isn't  what  it  used 

M 


to  be 


aybe  it’s  just  nostalgia,  but  I  recall  a 
time  when  vendors  made  sure  you 
got  good  quality,  printed  documen¬ 
tation  with  the  hardware  and  software  you 
purchased.  Novell  used  to  provide  a  ton  of 
books  with  NetWare. When  Borland  Inter¬ 


national  released  its  $100  TurboC  product 
17  years  ago,  the  company  wisely  ex¬ 
pended  a  good  deal  of  effort  to  ship  excel¬ 
lent  documentation  with  the  product.  And 
the  Netscape  Enterprise  Server  documen¬ 
tation  was  —  and  continues  to  be  — 
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Voice  over  IP:  the  Right  Time  for  r  Rollout 


One  in  five  Network  IT  Executives  has  already  implemented  voice 
over  IP!*  This  signals  that  convergence  is  a  go!  Now  it’s  your  turn 
to  merge  the  worlds  of  voice  and  data  and  reap  the  many  benefits 
of  voice  over  IP.  Find  out  which  products  are  mature  enough  for 
deployment.  Learn  how  to  convince  corporate  management  that 
the  time  and  money  you'll  save  on  infrastructure  and  staff  is  worth 
the  investment.  It's  time  to  get  serious  about  convergence. 
Attend  Network  World's  FREE  "Voice  over  IP:  The  Right  Time  for 
a  Rollout"  event. 

* Source  Network  World  5 00  Study.  2002 


Successful  VoIP  Rollout  Keys: 

Develop  a  business  case  for  voice  over  IP 
Identify  the  key  voice  over  IP  applications 
Tackle  security  concerns 

Deploy  a  voice  over  IP  network  in  the  LAN  or  WAN 


Event  Moderator 

Steve  Taylor,  President 
Distributed  Networking  Associates 

Register  Now! 

Seating  is  limited  to  qualified  participants. 

www. networkworld.com/events/voip/register.jsp 
or  call  1-800-643-4668. 

Bonus! 

Attend  and  have  a  chance  to  win  a  $100  American  Express  Gift  Cheque,  awarded  for  the 
Best  Question  of  the  Day !  You  must  be  present  at  the  3  p.m.  drawing  to  win. 


This  event  is  limited  to  qualified  IT  professionals  currently  involved  in  the 
evaluation  and  purchase  of  voice  and  data  products  and  services.  Network  World 
reserves  the  right  to  determine  total  audience  profile 
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To  sponsor  this  event  or  if  you  are  interested  in  on-site  training,  contact  Andrea  D‘ Amato  at  (S08)  490-6520  or  adamato@nww.com. 
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Schaumburg  Marriott 

breathtaking  in  its  clarity  and  usefulness. 

Unfortunately,  the  number  of  vendors  that 
supply  clear,  easy-to-follow  hard-copy  ex¬ 
planations  of  how  to  use  their  products  is 
declining. 

Good  documentation  isn’t  everything,  of 
course. You’ve  likely  noticed  most  Network 
World  reviews’  scorecards  appropriately 
give  documentation  a  lower  weight  than 
ease  of  use,  accuracy,  reporting  or  perfor¬ 
mance.  Nonetheless,  good  documentation 
is  important  not  only  because  it  explains 
how  to  use  the  product,  but  also  because  it 
serves  as  the  first  line  of  defense  when  a 
company  experiences  IT  employee  turn¬ 
over  and  new  folks  have  to  fill  old  shoes. 

Good  documentation  typically  consists 
of  a  clearly  written,  comprehensive  and 
descriptive  user  guide  along  with  a  techni¬ 
cal  reference  manual.  A  quick-start  guide  is 
icing  on  the  cake.  Context-sensitive  links 
are  helpful  for  the  online  version  of  the 
documentation. Good  English  is  important, 
as  is  a  thorough  index.The  documentation 
should  identify  a  product’s  components, 
explain  its  benefits,  show  how  to  use  the 
product  and  contain  practical  examples 
and  illustrations. A  hard-copy  version  of  the 
documentation  should  be  available  for 
customers  who  want  it. 

Our  network  management  systems  re¬ 
view  (www.nwfusion.com,  DocFinder: 
3731)  points  to  the  manuals  that  Lucent 
provides  with  VitalSuite  to  be  a  shining 
example  of  the  kind  of  useful,  helpful  and 
informative  documentation  that  other  ven¬ 
dors  should  strive  for.  In  contrast,  Fluke 
Networks’  user  guide  for  its  OptiView  hand¬ 
held  network  testing  tool  (DocFinder: 
3730)  discusses  how  to  recharge  the  bat¬ 
tery  and  use  the  touch-screen  based  ver¬ 
sion  of  Windows,  but  it  stops  far  short  of 
describing  how  to  use  the  OptiView  soft¬ 
ware.  It  doesn’t  even  identify  the  reports 
OptiView  can  generate.  SilverBack  Technol¬ 
ogies’  InfoCare  (DocFinder:  3732)  docu¬ 
mentation  is  fairly  clear  but  only  available 
online.  Moreover,  the  InfoCare  manuals  are 
PDF  files,  which  makes  them  impervious  to 
context-sensitive  use. 

The  reasons  for  poor  or  nonexistent  doc¬ 
umentation  are  many  A  vendor  might  say  it 
can  sell  at  a  lower  price  because  it  hasn’t 
spent  money  creating  good  documenta¬ 
tion.  Another  vendor  might  tell  you  not  to 
worry  about  the  lack  of  documentation  be¬ 
cause  it’ll  gladly  send  system  engineers  to 
your  site  to  train  your  people. Yet  another 
vendor  might  claim  that  its  user  interface  is 
so  intuitive  you  won’t  need  documenta¬ 
tion.  All  too  often,  a  vendors  engineers 
focus  only  on  the  hardware  or  software 
and  think  they’ve  finished  making  the 
product  when  they’ve  completed  testing  it. 

These  excuses  are  unacceptable,  and  I 
don’t  want  to  hear  them.  I  simply  want  to 
clearly  understand  how  to  use  a  product. 

Nance,  a  software  developer  and  consul¬ 
tant,  is  the  author  of  Introduction  to  Net¬ 
working, 4th  Edition  and  Client/Server  LAN 
Programming.  He  can  be  reached  at  bar 
ryn@erols.com. 
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Auditors 

A  new  law  is  bringing 

fltfilfiffiS . 

■  buSINEss  justification 

’  ascension 

the  IT  security  auditor  out  of  the  wiring  closet  and  into  the  boardroom. 

■  BY  ELLEN  MESSMER 

The  IT  auditor,  whose  security-related  job  is  watching  over  IT  sys¬ 
tems  and  corporate  employees  for  signs  of  trouble,  was  once  seen 
as  the  techie  office  curmudgeon.  But  after  last  year’s  financial 
accounting  scandals,  the  IT  auditors  status  is  rocketing  in  the  role 
as  key  adviser  to  upper  management. 


Usually  found  in  the  information  security 
department,  the  IT  auditor  is  being  invited 
to  spend  more  time  with  the  top  business 
management  and  the  audit  committees  of 
the  board  of  directors,  who  are  anxious  to 
be  assured  that  things  are  all  right. 

While  heightened  concerns  over  security 
and  terrorism  accounts  for  some  of  IT 
auditors  new  sheen,  there’s  also  another 
reason:  the  freshly  minted  law  known  as 
the  Sarbanes-Oxley  Act  puts  more  pres¬ 
sure  on  upper  management  to  vouch  for 
“internal  controls,”  with  specific  sections 
related  to  information  auditing. 

The  Sarbanes-Oxley  Act  was  pushed 
through  Congress  and  signed  into  law  by 
President  Bush  in  response  to  last  years 
billion-dollar  accounting  scandals  and 


bankruptcies  at  Enron, WorldCom  and  oth¬ 
ers.  Now  being  turned  into  a  Securities 
and  Exchange  Commission  regulation,  the 
new  law  affects  myriad  financial  account¬ 
ing  practices.The  act  also  requires  that 
managers  vouch  for  the  internal  controls 
the  company  places  over  areas  that  in¬ 
clude  transactions,  electronic  information 
and  communications. 

“The  foundation  of  a  good  audit  requires 
that  you  deal  with  these  things,” says  Kevin 
Price,  CFO  at  Ernst  &  Youngs  eSecurity 
Online  division  in  Kansas  City  Mo.“For  the 
first  time, you  will  be  required  to  issue  an 
opinion  about  this  at  the  SEC.The  auditor 
will  have  to  make  sure  that  managements 
assertion  is  accurate.” 

As  a  consequence,  the  Sarbanes-Oxley 


legislation  is  expected  to  bring  the  IT  audi¬ 
tor  out  of  the  wiring  closet  and  into  the 
boardroom. 

Auditing  committees,  which  typically 
meet  four  times  per  year,  are  devoting  an 
increasing  amount  of  their  time  to  IT 
auditing,  according  to  Lawrence  Harring¬ 
ton,  vice  president  and  chief  audit  execu¬ 
tive  at  office-supplies  retailer  Staples  in 
Framingham,  Mass. 

“Audit  committees  today  are  spending  as 
much  as  25%  of  their  time  on  IT  technolo¬ 
gy  issues,”  Harrington  says.“The  audit 
members  are  being  told  that  information 
security  is  on  the  top  of  the  list.” 

Typically  IT  auditors  have  job  experience 
in  computer  and  telecom  systems,  honing 
their  skills  in  security  They  establish  their 
credentials  through  professional  certifica¬ 
tion  programs,  including  those  from  the 
Information  Systems  Audit  and  Control 
Association  (ISACA). 

Through  ISACA,  security  professionals 
can  earn  the  Certified  Information  Sys¬ 
tems  Auditor  (CISA)  accreditation. To  date, 
more  than  20,000  IT  auditors  have  passed 
the  CISA  exam.  Other  programs  include 
the  SANS  Institute’s  Systems  and  Network 
Auditor  credential  offered  under  the  SANS 
Global  Information  Assurance  Certifica¬ 
tion  program.  IT  auditors  also  might  have 
college  degrees  in  accounting. 

Many  IT  auditors  agree  that  their  skills 
are  in  demand  as  new  regulations  emerge. 

“For  instance,  there’s  a  new  rule  in  the 
New  York  Stock  Exchange  that  requires  an 
internal  audit  as  opposed  to  outsourcing 
the  audit,”  says  Stephen  Konopo,  assistant 
vice  president  of  internal  audit  for  Mizuho 
Capital  Markets  in  New  York. 

But  beyond  just  new  regulatory  require¬ 
ments,  Konopo  has  found  his  company  is 
using  IT  audits  as  a  way  to  look  for  effi¬ 
ciencies  in  operations.  That’s  because  IT 
auditing  entails  keeping  track  and  periodi¬ 
cally  inspecting  software, services  and  per¬ 
sonnel  for  security  reasons. There’s  the 
growing  presumption  that  the  IT  auditor 
should  have  a  strong  understanding  of  the 
organization’s  business. 

Many  IT  auditors  are  already  well-con¬ 
nected  in  the  boardroom.  Jim  Gager,  CISA 
in  the  technology  services  division  of 
Lenexa,  Kan.,  data  processor  systems 
provider  Jack  Henry  &  Associates,  says  he 


reports  to  the  audit  committee,  which  is 
part  of  the  board  of  directors. 

But  as  IT  auditors  step  into  the  board- 
room  more  often,  it’s  important  to  learn  to 
speak  the  language  of  management,  some 
auditing  professionals  say 

“One  criticism  of  the  IT  field  over  the 
years  has  been  that  they  often  talk  above 
their  audience,” says  Staple’s  Harrington. 
“They  speak  in  a  language  that  the  audit 
committee  or  the  business  committee 
doesn’t  understand.  We  fall  into  our  own 
jargon.  We  need  to  speak  management’s 
language.”That  means  taking  the  time  to 
learn  the  business  at  hand,  not  just  IT,  but 
the  operations,  finance  and  marketing. 

Some  industries,  including  banking  and 
healthcare,  face  IT  auditing  regulations 
that  might  be  stricter  than  other  sectors.  In 
banking,  for  example,  IT  auditors  must 
ensure  their  companies  comply  not  only 
with  newer  Sarbanes-Oxley  rules,  but  sev¬ 
eral  more,  including  those  of  the  Federal 
Financial  Institutions  Examination  Council 
(FFIEC).  FFIEC  is  a  multi-agency  group 
that’s  empowered  to  prescribe  uniform 
standards  and  inspect  financial  institu¬ 
tions  as  a  public  safeguard. 

So  how  do  IT  auditors  go  about  putting 
in  place  the  internal  controls  for  IT  policy 
and  systems  use  that  are  now  highlighted 
in  the  Sarbanes-Oxley  Act  and  that  call  for 
documentation  of  auditing  practices? 

Many  IT  auditors  begin  with  the  philoso¬ 
phy  of  “IT  governance,”  the  notion  es¬ 
poused  by  ISACA  that  both  people  and 
machine  processes  must  be  clearly 
defined  on  paper  to  start.This  lets  manage¬ 
ment  be  informed  of  what’s  occurring 
inside  their  organizations  in  order  to  back 
the  necessary  audits  of  Web  pages,  fire¬ 
walls,  laptops,  disaster  recovery  privacy 
safeguards,  passwords,  e-mail  and  more. 

Whatever  the  choice,  IT  auditors  should 
be  aware  that  “the  developing  of  policy 
should  be  at  the  direction  of  senior  man¬ 
agement,”  says  Paul  Hugenberg,CISA,IT 
audit  office  at  Sky  Financial  Group  in 
Bowling  Green,  Ohio. 

And  in  an  era  in  which  there  still  is  con¬ 
siderable  outsourcing  of  operations,  it 
makes  sense  to  include  a  clause  in  out¬ 
sourcing  contracts  that  the  corporate  FT 
auditor  has  the  right  to  audit  the  out¬ 
sourcers’ systems  as  well.B 


Auditing  by  the  book 

Here  are  some  key  references  to  consult  when  developing  IT 
auditing  policies: 

•  CobiT 

Published  by  the  ISACA,  the  document  known  as  Control  Objectives  for 
Information  and  RelatedTechology  (CobiT)  focuses  on  IT  governance  and 
developing  a  framework  based  on  37  processes  that  can  achieve  more  than 
300  control  objectives  related  to  system  security. 

•  British  Standard  1799/IS0 17799 

A  British  standard  that  became  an  International  Standards  Organization  one 
too,  ISO  17799  —  still  often  called  BS  1799  —  defines  a  code  of  practice  for 
information  security,  assessing  risk,  selecting  controls  and  developing  guidelines 
for  access  control,  systems  development,  business  continuity,  communications, 
personnel  and  compliance. 

•  GAO  Accounting  and  Information  Management 

The  U.S.  government  agency,  the  General  Accounting  Office,  defines  practical 
procedures  for  risk  assessment  in  the  areas  of  personnel,  facilities  and 
equipment,  applications,  communications,  software  and  operating  systems. 


Available  in  single  and  eight  channel  versions  www.digitalv6.com  Resellers  and  Distributors  welcome 


mum 


Remote  Client 


Met/®  m  0  n 


Servers 


&  i/e/7i  an 

COMPLETE  KVM  CONTROL  VIA  TCP/IP 


CONTROL  KEYBOARD,  VIDEO  AND  MOUSE  REGARDLESS  OF  LOCATION 

With  the  Kaveman  networking  device,  you  can  remotely  control  servers,  either  over 
the  Internet  or  a  local  network,  down  to  the  BIOS  level. 

ACCESS  SERVERS  USING  A  WEB  BROWSER  OR  VNC 

All  you  need  to  operate  Kaveman  is  a  web  browser  or  VNC  on  the  remote  client.  No 
additional  software  is  required.  And  no  software/users  licenses  help  keep  your  costs 
down. 

REMOTELY  CONTROL  POWER 

Through  the  user-friendly  Kaveman  GUI,  you  can  control  the  power  of  up  to  eight 
devices. 

AUTOMATICALLY  MONITOR  SERVER  ACTIVITY 

Kaveman  automatically  monitors  critical  server  vitals  such  as  power,  video,  and 
keyboard  response;  it  alerts  you  to  crashes  and  enables  you  to  quickly  respond  to 
problems. 
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There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


Expert 

Observer 

* 2895 


Observer 

Suite 

*3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 


•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 


Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 


Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 


If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  lor  a  full-featured  evaluation: 


www.NETWORKINSTRUMENTS.com 


US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  A  Europe  +44  (0)  1959 
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On-Command  Power  Switching  for  y§ 
Network  Equipment...  from  Anywhere 


Applications: 

Remote  Power  Management 
X  Servers 

X  Routers  Firewalls  DSU/CSU's 
X  Web  Cams 

Turn  On/Off  any  AC  or  -48VDC 
Powered  equipment  via  telnet, 
modem  or  local  terminal. 

Electronic  equipment  sometimes  "locks- 
up"  requiring  a  service  call  just  to  flip 
the  power  switch  to  do  a  simple  reboot. 
With  WTI  Remote  Power  Switches  you 
have  the  ability  to  perform  this  function 
from  anywhere  on  the  LAN/  WAN,  or  if 
the  network  is  down,  to  simply  dial-in 
from  a  modem  for  out-of-band  control. 

For  over  a  decade  WTI  has  been 
leading  the  way  in  Remote  Power 
Switching  technology  offering  more 
products  choices  for  small  or  large  scale 
remote  management  strategies. 

Our  switches  are  now  installed  in 
thousands  of  sites  world  wide.  Our 
customers  know  they  can  depend  on 
our  superior  quality  and  reliability  for 
their  most  mission-critical  operations. 


EIGHT  PLUG  -  DUAL  BUS 


TWO  PLUGS  -  LOW  COST 


NPS 


( 2 )  Dual  15  Amp  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  User  plus  Admin  Security  Features 
©  1 1 5 VAC  and  230VAC  Models 


©  Two  Addressable  Plugs 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  1 1 5 VAC  and  230VAC  Models 
©  Manual  on/off  Buttons 

DUAL  BUS  -48VDC 


NPS-2HD 

©  Ideal  for  CISCO  6500/7500 
©  Dual  20  Amp,  115VAC  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 


CODE  ACTIVATED  - 
EXPANDABLE 


RPC-4840 

©  Dual  -48VDC,  40  Amp  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  On/Off/Reboot  Switching 

FIVE  CIRCUIT 
-48VDC  POWER  BAR 


HIGH  CURRENT  -  DUAL  BUS 


Yes,  we  are  customer  friendly! 

X  Two  year  warranty 
X  We  stock  for  same  day  shipment 
X  30  day  return  policy 
X  Start-up  cables  and  rack  ears  included 

Want  an  on-line  demo? 

Just  call  or  e-mail  and  you'll  see  for 
yourself  why  so  many  network 
professionals  choose  WTI. 


©  Five  Individually 
Switched  Circuits 

©  Switch  -48VDC,  12  Amps 
each  Circuit,  30  Amps  Total 

©  Also  Available  in  115VAC 
and  230VAC  Models 

www.wti.tom  (860)  854-722$  \ 
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©  Single  10  Amp  Circuits 

©  Expandable  to  10  Individually 
Switched  Plugs 

©  RS232  Control  Port 
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Keeping  the  Net...WorkL 
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Connects  to  standalone  computers  or  any  KVM  switch 
High  quality  16-bit  video  at  up  to  1280x1024  resolution 

Easy  to  install,  give  it  an  IP  address  and  run  the  Viewer 
program,  no  user  license  required 

Encrypted  communication  produces  highly  secure  operation 
Scaling  and  scrolling  features  for  maximum  flexibility 
Single  mouse  cursor  simplifies  user  interface 
See  four  servers  from  one  screen  with  quad  screen  mode 
Lifetime  free  flash  upgrades 


UltraLink  sets  a  new  standard  in  remote  management  of  server  room 
environments.  It  saves  you  money  by  allowing  you  to  centralize  your  IT 
resources.  Since  it  does  not  depend  upon  software  loaded  on  your 
computers,  it  deploys  easily  and  works  on  any  operating  system,  such 
as  Windows,  Linux,  Solaris,  Unix,  or  OSX. 


The  UltraLink  digitizes  the  remote  computer's  video.  It  then  scales, 
compresses,  encrypts,  and  packetizes  it  into  the  TCP/IP  protocol.  At 
your  PC  the  free  Viewer  application  receives  and  displays  the  video  and 
sends  back  keyboard  and  mouse  data.  This  process  allow  you  to  access 
remote  computers  from  anywhere. 


Rose  is  a  leading  manufacturer  of  switching,  extension,  and  access 
products.  As  a  KVM  industry  pioneer,  Rose  is  known  for  its  technically 
superior  and  price  competitive  products. 


Join  the  ranks  of  many  successful  companies  using  UltraLink,  call  Rose 
to  learn  more  about  KVM  Access  over  IP  as  well  as  KVM  Switches  and 
Extenders. 


WWW.ROSE.COM 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44(0)  1264  850574 
+617  3427  5353 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  TX  77099 
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Check  your  network  time  synchronization 
now!  Download  the  free  LMCheck.exe 
from  our  web  site  to  check  the  clocks  on 
your  network. 


IF  YOU’RE  STILL  USING  INTERNET  CLOCKS 
TO  RUN  YOUR  NETWORK, 

YOU’RE  LOSING  MORE  THAN  JUST  TIME. 

Time  inconsistencies  in  your  network  can  degrade  performance,  interrupt 
scheduled  operations,  and  create  inaccurate  server  logs.  Keeping  your 
network  tightly  synchronized  is  critical  to  quickly  recover  from  network 
crashes  and  effectively  deal  with  security  intrusions.  Unlike  public  Internet 
clocks  that  are  outside  of  your  firewall  and  can  lose  accuracy  over  WANs, 
TrueTime  Network  Time  Servers  ensure  reliable  network  operations  and 
accurate  log  file  correlation  when  you  need  to  troubleshoot  a  system  failure 
or  security  breach  by  keeping  workstations,  servers,  and  routers  in  sync. 


www.truetime.net 

1.888.367.7966 


Get  i  plhble,  accurate,  and  secure  synchronization  —  time  after  time 
Call  us  today  at  1.888.367.7966  or  visit  www.truetime.net 


Self-Paced  Computer  Training 


This  is  the  way  to  I  earn!" 
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•  Media-Rich  Content 

•  Challenging  Labs 

•  Comprehensive  Tests 

•  Practical  tr  Proven 


NETWORK  ‘  ONLINE  •  CD-ROM  •  VIDEO 
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security+  Certification  $265* 


reg.  $355 


Introductory  Offer!  Limited  Time! 


Network  +  4  Sessions  $  265  "«•*  355 

i-Net+  5  Sessions  $  315  res- 3  425 

Windows  XP  Professional  6  Sessions  $  370  ™o  *  495 

Windows  2000  Network  Security  Design  3  Sessions  $195  rf>9- 5  265 

Cisco*  MCNS  6  Sessions  $  710  "«•*  9*5 


9  Sentry  POWER  TOWER  :  Vbur  Zero  U  Reboot  Solution 


Install  the  new  Sentry  Power  Tower  in 
your  data  center,  NOC  or  co-to  facility 
and  gain  the  advantage  of  remotely 
rebooting  up  to  16  of  your  equipment 
units  -  without  occupying  any  space  in 
your  rack  or  enclosed  cabinet 

Try  the  New  Sentry  Rower  Tower  In  your 
rack  or  cabinet  and  realize  the  benefits 
*f  of  Intelligent  Power  Distribution  and 
Remote  Power  Management 


See  our  complete  product  Hoe  at  wwwjervertech.com 
or  call  800^35.151$  ex  77jj&taooo 


16  remotely  addressable  power  outlets  — 
The  highest  density  evallable  of  any 
Remote  Power  Management  vertical  strip. 
30-amp  power  Input  feed  distributed 
across  16  outlets. 

Mounts  vertically  In  your  equipment  rack  or 
cabinet  and  requires  Zero  U  of  rack  space. 
Load  Sense  provides  real-time  current 
monitoring  in  the  remote  screen  Interface 
and  through  a  built-in  LED  display  for  on¬ 
site  measurement 

Power-up  sequencing  of  alt  16  outlets 
prevents  an  tn-rush  current  overload. 
Telnet  SNMP,  Modem  or  RS-232  Interfaces  for  easy, 
practical  and  secure  power  management  of  remote 
Internetworking  equipment. 


Another  gmat  product  from 

Server  Technology,  Inc 


O  2001  Sarwffcdvwfow  lac.  Seery  la  a  Marnik  of  Server  ^ TednotoQn  Inc. 


•  Low  cost,  complete  RMON  monitoring  tor  remote  sites  or 
segments. 

•  Software-only,  non-dedicated  data  collection. 

•  Pure,  full  RMON  1  and  2  support.  Complete  implementation  of 
both  RMON  1  and  2  for  Ethernet  (10/100)  and  Token  Ring  (4/16). 
Full  adherence  to  RFCs  1513,  1757,  2021  and  2074. 

•  Runs  as  a  service  on  Windows  NT/2000/XP. 

•  Works  with  ANY  RMON  management  console  or  collection  facility 

(Observer  .  OpenView  ,  Concord  ",  NetScout  ,  etc.). 

•  Compatible  with  Network  Instruments'  optimized  ErrorTrack"'  NDIS 
drivers  display  true  errors-by-station. 

•  Multiple  concurrent  network  interface  monitoring  (up  to  10). 


Why  pay  thousands  more  for  the  same  data? 

Call  800-526-7919  for  information,  or  see  our  web  site  at: 


www.networkinstruments.com 

©  2001  Network  Instruments.  LLC  -  Corporate  Headquarters  (952)  932-9899  FAX  (952)  932-9545 
UK  and  Europe  +44  (0)  1959  569880  FAX  +44  (0)  1959  569881  mfo@networkinstruments.com  www  networkinstruments  com 
Network  Instruments  and  the  'N'  logo  are  registered  trademarks  of  Network  Instruments,  LLC  Minneapolis.  MN  USA 


UJcjJJjLjO  ->“.^^0^7 


Contact  these  companies  today  to  help  you  with  your  training  needs! 

_ 


Boson  Training  ^ 

(813)  925-0700 
y  www.bosontraining.com 
CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 
wireless,  CISSP 


Learn  key  Inc.  ^ 

(800)  865-0165 
I  www.leamkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 


PMG  NetAnalyst 

(800)  645-8486 
I  www.NetworkTraining.com 
Network  Forensic  Analysis  and 
Security  Training  and  Services 

[ WKMN  Training 

(415)  586-1713 
I  www.wkmn.com/wireless 
Comprehensive  introduction  to 
wireless  networking. 


|  CBT  Nuggets,  lnc+ 

(541)  284-5522 
|  www.cbtnuggets.com 
IT  Certification  Videos 


Transcender 

(615)  726-8779 
£  www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


George  Washington  Univ 

(202)  973-1175 
|  www.cpd.gwu.edu 
Oracle  MCSE  Network  Security 
UNIX/LINUX  I-Net  VB.Net  XML 


To  Place  Your  Listing 
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Call  Enku  Gut 
^  (800)  62 
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Maks  the  Smart  Choice, 
Trust  the  Experts ■ 


order  now:  310-416-1200 

or  visit 

www.ContiComp.com 


We  Specialize  In... 

Cisco  Systems 


Jftntinental  ■■■ 


COMPUTERS  Aw*  »9*4 


Authorized 
Reseller 

These  logos  are  a  trademark  o«  their  respective  companies  and  services 


The  Hub  of  the  Network  Buy 


js 


components 

— 1  Initwork  NARDWAM 


IT  Hardware  for  Less 


New  Overstock 

Open  Box 
Pre-Owned 
Discontinued 

WE  BUY  USED  CISCO 
&  SURPLUS  EQUIPMENT 

MBE  Certified  -  Woman  Owned 

11904  South  La  Cienega  Blvd,  Hawthorne,  CA  90250 
Tel  310  643.6021  •  Fax  310  643.6041  •  www.jecom.com 


renew 


§§3 


e j 


Tel:  408.727.1122 
Fax:  408.727.8002 


343  1  DE  LA  CRUZ  BLVD. 
WWW.RECURRENT.CDM 


technologies,  inc. 
SANTA  CLARA,  CA  95054 
INFD@RECURRENT.COM 


We  Buy  &  Sell 


-  '  •  i 


CISCO 

Juniper 

Extreme 


NEW-USED 
WE  BUY-WE  SELL 


JIB  caaeTRon 

5J  — sy™ 


Cuts  SrtTEai 


NEW  RITTAL  19"  CABINETS 
72/24/34  w/DOORS/SIDES  $650 
78/24/34  w/DOORS  $500 
78/24/34  w/DOORS/SIDES  $650 


800.451.3407 

Since  1965 

50-90%  Savings 
Fully  Guaranteed 
Overnight  Delivery 

networkhardware.com 


ERGONOMIC  ENTERPRISES,  Inc 
47  WERMAN  CT. 

PLAIN  VIEW  NY  11803 
1-877-4LAN-WAN  (452-6926) 
Int'l:  001-516-293-5200 
fx  516-293-5325 
www.4lanwan.com 

rich@4lanwan.com 


SERVER  ROOM 

Temperature 

Sensors 

EHSSEZHK  ^29- 

Multiple  Models  Including: 


THL-100 

(Battery  powered) 

THL-100  AC/ DC 

(Continuous  monitoring) 

THL-100  AC/ DC  Plus 

(Email  alarms) 


►  Records  Temperature,  Humidity  &  Light 

►  Time  Stamped  Data  for  Detailed  Analysis 

►  Windows-based  SmartSensor  Software 
►  Data  or  graphical  view 

•Easily  exports  to  common  spreadsheet 
software 


Toll  Free  1.-866-442-7767 
www.smartr6nix.com/products 


WRC4.NET 

NEW  ^  Ti™  USED 


AUTHORIZED  RESELLER 
Access/Routers/Switches 
Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 
IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penrll 
Racal  Telebit  Zoom 


WE  BUY  AND  SELL 
www.wrca.net 

800-699-9722 


For  more  information  on  advertising 
in  the  Marketplace, 

STOP  everything,  and  call  now! 
800-622-1108  ext 6465 


Systems 


/Memory 


EOUIKMENT 

Also  Available:  welHTeet,  Bay,  Fore, 
Xylogics,  Livingston,  &  Ascend 

in  Stock  •  Fast  Delivery  •  No  Expedite  Charges 


COMSTAR,  INC. 

The  »1  Network  Remarketer 

952*835*5502 

Fax  952>835«1927  E-Mall:sales@c  omstarinc.com 


OptimumDatalnc. 


toll  free  800  879  8795 
ph:  +  1  402  575  3000 
fax:  +  1  402  575  20 1 1 


www.optimumdata.com 


ne  •  ADTRAN  •  Sun  •  Extreme  Networks 


in_nvn 


See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage.  Leather  goods. 

Gifts  Pens.  Clocks. 

Lighters.  Games 

www.suitcase.com 


For  tvu>re  Information 
on  a^v'er+mn.?  In 
A/e+wo rk  Worths  Mar(ce+Mace 
con+act;  Br)ko  Gut?a Ie* 
S00-G11-1108  ex+. 
e^otoIe©n  ww.com 


Nstwsct  Pretests  A  Ssnricss  with 
Network  WttM's  Martetstscs  CaH  800-622-UM  eiL  SH7 


<D  careers.com  IT  CAREERS 


CONSULTANT  Analyze 
user  needs  &  requests, 
design,  dev.  &  implement 
med.  to  Ig.  apps.  using  var¬ 
ious  software  technologies, 
such  as  Java,  Javascript, 
HTML,  ASP,  Lotus,  SQL, 
MS  Office,  Dreamweaver, 
Frontpage,  Photoshop,  & 
ACCESS.  Must  have  MS  in 
Comp.  Sci.,  MIS,  Infor¬ 
mation  Systems  or  related 
field.  Send  res./cov.  Itr.  to 
Patricia  Sirabella,  HR  Dir., 
Gemini  Systems,  Inc.,  61 
B'way,  #925,  NY,  NY  10006. 


Software  Developer 

Develop  customized  software  solu¬ 
tions  to  address  client's  business 
and  commerce  needs.  Must  have 
Bachelors  Degree  in  Computer 
Science  or  in  a  related  field  &  3  yrs. 
exp.  or  3  yrs.  exp.  in  a  related  posi¬ 
tion  w/ability  to  use:  Oracle,  Win¬ 
dows.  Visual  SourceSafe.  Willing  to 
travel  and  relocate  across  the  U.S. 
40.0  hrs./wk  8:00  AM  -  6:00  PM 
$76.000/Yr,  Applicants  send  cov¬ 
er  letter  and  resume  to: 

SRA  Systems  Limited 
1945  Cliff  Valley  Way 
Suite  270 
Atlanta.  GA  30329 
Attn:  K.  Markandan 


Page  &  Olson  is  a  CPA  firm, 
developing  an  unique  software 
Icommander  for  CPA  firms  run¬ 
ning  on  TCP/IP  LAN.  We  look  for 
software  engineers  or  system 
analysts.  Candidates  must  have 
BS  with  exp.  using  ColdFusion 
and  ASP.  Send  resumes:  P.O.  Box 
368Mt.  Pleasant,  Ml  48804-0368. 

Adept  Computer  is  seeking  IT  pro¬ 
fessionals/engineers.  Qualified 
applicants  must  have  BS  with  min¬ 
imum  1-yr  exp.  Skills  in  Oracle, 
Jave.  XML,  J2EE,  SQL,  JSP. 
WebLogic/WebSphere,  DB2, 
JDBC,  Client/Server  are  plus. 
Apply  at  1010  Harmon  Blvd., 
Hoffman  Estate,  IL  60194.  EOE. 


Kwikset  is  looking  for  the  fol¬ 
lowing  positions: 

Software  Developer. 

IT  Supply  Chain  Logistics 
Project  Mgr.  to  work  w/QAD- 
Mfg/Pro,  costing  modules, 
EDI  and  quality  mgmt. 
Masters  degree  &  2  yrs.  exp. 

Resumes  by  fax/email  only 
to  HR,  Kwikset,  19701 
DaVinci,  Lake  Forest,  CA 
92610;  Fax  (949)  672-4761; 
e-mail;  apply@bdhhi.com. 


Software  Engineers  needed  for 
Houston  based  firm  to  work  in 
various  unanticipated  U.S.  loca¬ 
tions,  to  design,  develop,  imple¬ 
ment  complex  financial  business 
performance  management  solu¬ 
tions,  ind.  planning,  budgeting, 
cash  flow  analysis,  forecasting, 
reporting  applications.  Utilizing 
OLAP,  decision  support  systems 
technologies  and  SQL.  Must 
have  Bach,  in  Comp.  Sc.  or  CIS 
and  5  yrs.  exp.  in  job  offered. 
Fax  resume  to  COMPQSOFT, 
HR  Dept  at  281-272-2515.  Ref 
Code:  Put  SE-1102  on  the 
resume. 


Computer  Network 
Analyst 

Computer  Consulting  Co. 
seeks  qualified  indiv.  to  ana¬ 
lyze,  design,  test  &  evaluate 
network  systems.  Req’d: 
Master  Degree  in  Comp  Sci. 
Must  have  MCSE/MCSA, 
Must  have  exp.  with  Java, 
Unix,  &TCP/IP  through  edu¬ 
cation  or  employment;  Pis 
send  res  to:  Infovalue 
Computing,  Inc.  4  West¬ 
chester  Plaza,  Elmsford  NY 
10523  Attn:  Sharon  Chen 


PROGRAMMER-ANA¬ 
LYSTS  needed  to  analyze 
use-cases  &  class  dia¬ 
grams  using  Rational  Rose; 
dsgn  &  customize  Livelink 
applies  w/web  interface 
using  Livelink  Builder  & 
SDK;  create  interfaces  to 
generate  Web  docs;  create 
workflows  &  dsgn  forms 
using  Livelink  (Workflows, 
Forms,  LAPI),  OScript, 
SQL,  JSP,  JavaBeans  & 
JDBC.  Apply  to:  Global 
Consultants,  601  Jefferson 
Rd,  Parsippany,  NJ  07054. 


Computer  Consulting 
Co  seeks  program¬ 
mer  analysts  &  data¬ 
base  administrators. 
Bachelor's  +2yrs  IT 
exp.  Resume  to  Upp 
Business  Systems, 
3075  Highland  Park¬ 
way,  Downers  Grove, 
IL  60515. 


Kwikset  is  looking  for  the  fol¬ 
lowing  positions: 

Software  Developer. 

IT  Supply  Chain  Logistics 
Project  Mgr.  to  work  w/QAD- 
Mfg/Pro,  costing  modules, 
EDI  and  quality  mgmt. 
Masters  degree  &  2  yrs.  exp. 

Resumes  by  fax/email  only 
to  HR,  Kwikset,  19701 
DaVinci,  Lake  Forest,  CA 
92610;  Fax  (949)  672-4761; 
e-mail;  apply@bdhhi.com. 


Senior  Software  Eng. 
with  Masters  degree 
and  two  years  exp. 
wanted  in  Houston, 
TX.  Respond  to:  HR 
Dept.,  Houston  Com¬ 
puter  Center,  Inc. 
10641  Harwin  Dr., 
Suite  500,  Houston, 
TX  77036. 


Senior  Software  Developer. 
Provide  architectural  direction  to 
web  app.  projects.  Design, 
implement  and  deploy  web 
apps.  using  J2EE.  Execute  pro¬ 
jects  using  RUP.  Provide  object 
and  component  modeling  using 
UML.  Provide  integration  solu¬ 
tions  between  J2EE  and  EIS 
platforms  using  JCA.  Design, 
implement  and  deploy  HROR- 
BIT  Project  on  UNIX  platform, 
with  performance  tuning  by  clus¬ 
tering  and  load  balancing  of 
Weblogic  app.  Server.  Provide 
SOAP  based  XML  messaging 
solutions.  Must  have  B.S.  in 
Comp.  Sci.,  Eng.  or  related 
degree  +  1  yr.  exp.  in  job  offered 
or  Software  Engineer.  Must 
have  knowledge  of  J2EE  and 
EIS  platforms  (PeopleSoft) 
using  JCA;  ADK;  SOAP,  XML 
messaging,  RUP,  UML  and 
UNIX.  $72,000/yr.  Send  resume 
+  cover  letter  to  CMC,  Attn: 
Aisha  Butcher.  6951  Pistol 
Range  Rd.,  Tampa,  FL  33635. 


GIS  Software 

Quality  Control  Specialists: 
GIS  Software  test  planning  and 
preparation.  Generate  test 
cases  and  scripts  using  geo¬ 
graphically  referenced  data, 
report  and  coordinate  test  activi¬ 
ties,  execute  test  scripts,  record 
results  in  a  defect  tracking  pool 
and  implement  sound  QA  test¬ 
ing  practices  using  GNIS,  LODE 
data,  GE  Small  World,  Framme, 
Microstation  &  Autocad. 
Communicate  and  resolve  QA 
issues  with  Programmers  and 
Developers.  Develop  &  initiate 
quality  standards  for  new  soft¬ 
ware  tools  to  implement  new 
versions  of  GIS.  2  years  exp.  in 
job  offered  required.  Think 
Resources,  Inc.,  Attn:  GIS 
Recruiting.  280  Technology 
Parkway,  Norcross,  GA  30092. 
No  phone  calls  please.  EOE. 


PerfCap  Corporation  is  looking 
for  a  senior  software  engineer 
responsible  for  the  architecture 
and  development  of  the  compa¬ 
ny's  systems  performance  and 
capacity  planning  software  prod¬ 
ucts  that  are  intended  for 
secure  web  based  performance 
management  of  hybrid  IT  infra¬ 
structures  with  multiple  plat¬ 
forms  like  HP-UX,  IBM-AIX,  Sun 
Solaris,  TRU64  Unix  and 
Windows  2000.  Duties  involve 
development  of  system  data  col¬ 
lectors  for  the  mentioned  plat¬ 
forms,  web  based  GUIs  and 
management  servers.  Requires 
JAVA,  C/C++  programming 
and  SQL  Server.  A  bachelor's 
degree  in  Engineering  or 
Computer  Science  with  five 
years  experience.  Salary  $82K. 
Submit  2  copies  of  resume  to  : 
Job  Order  #  2003-078,  PO  Box 
989,  Concord.  NH  03302-0989 


SolutionslQ  seeks  DB  Engr.  for 
HQ  office  in  Bellevue,  WA. 
DESC:  Dsgn,  dev,  &  cust. 
RDBMS,  web  based  tools,  com¬ 
ponents  &  progs,  &  encryption 
techs,  for  impl.  into  multi-user 
financial  transactions  sys.  util. 
SQL,  C#,  XML,  ASPX,  internet 
protocols,  component  based 
techs.,  OO  dsgn.  &  dev,  and 
.NET  on  Win  based  o/s.  REQS: 
BS  in  Engr,  CS,  Math,  or 
Physics  +  5  yrs.  exp.  dsgn,  dev, 
&  impl.  RDBMS  &  rel.  apps.  for 
multi-user  financial  transactions 
sys.  util.  SQL,  internet  protocols, 
component  based  techs,  OO 
dsgn.  &  dev.,  HLL,  and  Win 
plats.  Prem.  sal  +  benes.  Pis. 
reply  to  D.  Willmart,  Job  #  SIQ- 
214,  1260-1 16th  AVE  NE, 

Bellevue,  WA  98004. 


A  position  is  available  for  a 
Quality  Assurance  Technician 
with  an  Atlanta-based  technolo¬ 
gy  solutions  company.  The 
company  architects  and  designs 
next  generation  software  for 
point-of-sale  and  Internet  sys¬ 
tems  in  the  retail  industry  includ¬ 
ing  entertainment,  petroleum 
with  convenience  or  food  stores, 
and  restaurants. 

The  Quality  Assurance  Tech¬ 
nician  is  primarily  responsible 
for  assisting  the  Quality 
Assurance  Manager  in  the 
development  of  standardized 
repair  processes  in  an  effort  to 
identify  "best  practices"  and 
instill  quality  into  the  company’s 
products.  Specific  responsibili¬ 
ties  include  developing  stan¬ 
dardized  repair  procedures  for 
all  new  products  and  assisting  in 
the  planning  and  implementation 
of  testing  strategies. 

Candidates  should  possess  a 
Bachelor's  degree  in  Computer 
Engineering  or  other  engineer¬ 
ing  related  field  and  five  years' 
experience  in  board-level  repair 
testing,  database  management, 
and  computer  systems  repair. 

Apply  by  mail  to: 

Christie  LoCurto 
3925  Brookside  Parkway 
Alpharetta,  Georgia  30022 


Seeking  software  engineer  with 
Master's  Degree  in  Computer/ 
Electrical  Engineering,  Physics 
or  Math  +  3  yrs.  exp.  as 
Software  Engineer  or  Software 
Developer  to  research,  design, 
&  develop  computer  software 
systems  applying  principles  & 
techniques  of  computer  science, 
engineering,  and  mathematical 
analysis  &  work  with  wide  vari¬ 
ety  of  platforms.  Analyze  soft¬ 
ware  requirements,  consult  with 
hardware  engineers  &  other 
engineering  staff,  evaluate  inter¬ 
face  between  hardware  &  soft¬ 
ware  &  operational  &  perfor¬ 
mance  requirements  of  system. 
Formulate  &  design  software 
system.  Develop  &  direct  soft¬ 
ware  system  testing  procedures, 
programming,  &  documentation. 
Consult  with  customers  on 
maintenance  of  software  system 
&  coordinating  installation  of 
software  systems.  Must  have 
experience  with  XML  standards; 
XSLT;  J2EE  Architecture;  EJB 
1.1  and  EJB  2.0;  JMS;  JSP; 
Java  Swing;  Java;  BEA 
Weblogic  and  Customizing  GIS 
software;  Rational  Tool  Suite; 
UML;  Object  Oriented  Design; 
Oracle/MSSQL;  C  and  C++;  and 
Sun/Windows  software  and 
hardware.  Salary:  $85,000.00/ 
yr.  40  hrs./wk.  Applicants  must 
send  two  (2)  copies  of  resume  to 
Job  Order  #2003-086,  P.O.  Box 
989,  Concord,  NH  03302-0989. 


SOFTWARE  CONSULTANT 

Analyze  &  evaluate  existing  or  pro¬ 
posed  software  sys.  Dsgn,  dvlp, 
implement  &  improve  programs, 
sys.  and  related  procedures  to 
process  data  using  in-depth  knowl¬ 
edge  of  the  software  dvlpmnt  life 
cycle.  Encode,  test,  debug  &  install 
operating  programs  &  other  sys. 
software  utilizing  knowledge  of 
RDMBS  environments  &  Power¬ 
Builder.  B.S.  (or  equiv.)  in  Comp. 
Sci.,  Comp.  Eng.  or  directly  related 
field  +  2  yrs  exp.  in  position  offered 
or  as  a  Prog.  Analyst,  Sys.  Analyst 
or  Software  Engnr  reqd.  Exp. 
must  include:  (a)  Oracle,  Sybase 
or  SQL  Server;  and  (b)  Power¬ 
Builder.  High  mobility  preferred.  40 
hours/week,  8:00  a.m.  to  5:00 
p.m..  $61,000/yr.  Qualified  appli¬ 
cants  submit  resume  to:  Manager. 
Washington  County  Team  PA 
CareerLink,  Millcraft  Center,  suite 
150LL,  90  West  Chestnut  Street, 
Washington,  PA  15301-4517. 
Please  refer  to  Job  Order  No. 
WEB  295707. 


HCL  TECHNOLOGIES  AMERICA.  INC. 

HCL  Technologies  America,  Inc.  and  its  affiliate  companies  like 
HCL  Enterprise  Solutions  and  HCL  Technologies  (Mass.)  Inc. 
have  multiple  openings  at  its  offices  in  Sunnyvale,  CA; 
Stamford  CT;  Plano  TX;  Florham  NJ,  Irvine  CA,  Vienna,  VA, 
Boston,  MA,  Chicago,  IL,  Detroit,  Ml  as  well  as  project  sites 
throughout  the  United  States  for  the  following  positions: 

Software  Engineers 
Programmer  Analysts 
Systems  Analysts 
Database  Administrators 
Hardware  Engineers 
Budget  Analysts 
Systems/Network  Administrators 
Project  Managers 

Account  Managers/Sales  Managers/Business  Managers 

Sales  Engineers 

Industrial  Engineers 

Market  Research  Analysts 

Management  Analysts 

Human  Resource  Representative 

Accountants 

Salary  will  be  commensurate  with  education  and  experience. 
All  positions  may  involve  travel  or  relocating  to  various  client 
sites  through  out  the  US. 

For  consideration  please  send  your  resume  to: 

HCL  America  Technologies,  Inc. 

Attn.:  HR  Dept.  (Computerworld  Ad.) 

330  Potrero  Avenue 
Sunnyvale,  CA  94085 
Email:  cwjobs@hcltech.com 

Please  indicate  the  location  and  the  position  you  are 
applying  for. 

www.hcltechnologies.com 


Paymap,  Inc.,  a  Division  of  First 
Data  Corporation,  a  company  in 
Greenwood  Village.  CO  special¬ 
izing  in  electronic  commerce/ 
money  transfer,  has  an  opening 
for  a  Senior  Database 
Administrator  to  work  in  San 
Francisco,  CA  and  other  unan¬ 
ticipated  job  sites  in  the  U.S. 
Installation,  configuration  and 
upgrading  of  Oracle  server  soft¬ 
ware-related  products.  Req¬ 
uires  bachelors  degree  or  for¬ 
eign  equivalent  in  engineering  or 
computer  science;  3  yrs.  experi¬ 
ence  as  an  Oracle  database 
administrator  on  Sun  Solaris 
and  Windows  NT  platforms; 
working  knowledge  of  installa¬ 
tion  &  configuration  of  Oracle 
Application  servers  &  standby 
databases,  deploying  Oracle 
Forms  on  the  web,  design  &  cre¬ 
ation  of  OLTP  &  data  warehouse 
databases,  PL/SQL  and  Shell 
Programming,  as  well  as  Oracle 
Enterprise  Manager.  Respond 
by  resume  to  Norm  Barnett,  First 
Data  Corporation,  6200  S. 
Quebec  St.,  Greenwood  Village, 
CO  80111  and  refer  to  job 
#4440MO. 


Sr.  Programmer  Analyst, 
Denver,  CO.  Plan,  devel¬ 
op,  test  and  document 
computer  programs  using 
RPG/400  programming 
techniques  and  AS/400 
hardware.  B.S.,  comput¬ 
er  science  or  related  field 
and  2  yrs  relevant  experi¬ 
ence.  Fax  resumes  to  N. 
Prentice,  TransMontaigne 
Product  Services  Inc., 
303  626  8245. 


Web  Developer/Programmer 

Multiple  positions  available  to 
primarily  develop  web-based 
computer  applications,  applying 
knowledge  of  computer  pro¬ 
gramming  techniques  &  sys¬ 
tems. 

Requirements:  Bachelor's 

degree  in  Computer  Science  or 
related  field.  Must  possess  3 
yrs.  post-baccalaureate  work 
exp.  in  position  offered  or  in 
computer  industry.  Must  be 
knowledgeable  &  proficient  in 
(1)  one  of  the  following  databas¬ 
es  (Oracle,  VSAM,  DB2,  SQL 
Server  or  Teradata);  (2)  JAVA; 
and  (3)  one  of  the  following  high- 
level  languages  (VB/ASP, 
PL/SQL  or  C/C++).  Must  be  will¬ 
ing  to  travel  &  relocate  to  client 
sites  nationwide  frequently. 
Replies  with  ref.  Code  CW2003 
via  email  (steve@sdiworld.com), 
fax  (412-490-0665)  or  mail 
(Steve  Rydzak,  SDI 
Technologies,  1  Penn  Center 
West,  Suite  311,  Pittsburgh,  PA 
15276) 


Software  Engineer.  Dev 
Warehousing  data  mart  & 
various  Logical/Physical 
data  models,  Unix  Scripts 
using  Erwin  4.0  &  ETL  for 
perf.  Tuning  appl.  In  Test 
&  Production  environ¬ 
ment.  Req:  MS  in  Com. 
Sci.  or  Comp.  Eng.  40 
hr/wk.  Job/Interview  Site: 
Simi  Valley,  CA.  Send 
resume  to  Soclear  Corp., 
P.O.  Box  2111,  Simi 
Valley,  CA  93062-2111. 
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Computer 
Software  Designer 

(Yorkiown  Heights,  N.Y.) 

Analyzes  software  requirements 
to  determine  feasibility  of 
design  within  time  and  cost 
restraints,  and  considering 
hardware  capabilities,  analyzes, 
researches,  designs,  and 
develops  computer  software 
systems  in  Windows  utilizing 
principles  and  techniques  of 
computer  science  engineering, 
and  mathematical  analysis. 
Prepares  object  models  and 
data  flow  diagrams  to  develop 
program  considering  hardware 
capabilities  and  intended  use 
of  output  data.  Plans,  schedules, 
develops,  tests,  and  documents 
computer  programs  using 
object  models  and  data  flow 
diagrams  applying  knowledge 
of  programming  techniques 
and  computer  systems. 
Consults  with  systems 
operation  personnel  to  install 
and  maintain  the  software 
system.  Tests  programs,  detects, 
locates  and  corrects  errors. 
Monitors  performance  of 
program  after  implementation, 
corrects  errors  and  optimizes 
for  performance.  Requires  a 
Bachelor  degree  in  Computer 
Science/Engineering,  Electrical 
Engineering,  Mathematics  or 
Computer  Applications  and 
two  years  experience  in  the 
job  duties  or  a  Master  degree 
and  one  year  of  experience  or 
two  years  as  a  Programmer 
Analyst  or  software  engineer. 
Must  have  two  years  experience 
in  C++,  C,  COM,  ATL,  and 
all  Windows  operating  systems. 
Must  be  able  to  communicate 
in  English.  40  hours  a  week; 
8:30am  to  4:30pm,  $85,000 
per  year.  Send  resume  in 
duplicate  to:  AIM-437,  P.O.  Box 
703,  N.Y.,  N.Y.  10014-0703. 
EOE. 


Member  of  Technical  Staff  - 
Advanced  Technology  Group: 
Perform  research,  analysis, 
design,  development,  testing  & 
implementation  of  transceiver 
modem.  Design  &  simulate  high 
speed  &  low  power  platforms,  fil¬ 
ters.  diplexers,  PLLs  8  other  RF 
circuitry  for  modem.  Design  suit¬ 
able  channel  coding,  modulation 
&  equalization  methods  for 
bandwidth  efficient,  extremely 
reliable  bi-directional  communi¬ 
cations.  Research  8  investigate 
design  requirements,  vendor 
specs,  market  trends,  8  industry 
standards  for  parts  to  be  used  in 
circuitry.  Perform  testing  & 
analysis  of  hardware  prototypes 
of  product  design.  Develop  engi¬ 
neering  design  analysis  &  trade¬ 
offs  for  cost,  stability,  perfor¬ 
mance.  &  quality  to  make  rec¬ 
ommendations  to  management. 
Work  &  collaborate  with  other 
engineers  to  share  ideas  8 
resolve  sftware  8  hrdware 
issues.  Master's  degree  in 
Electrical/Electronics  Eng'g  or  a 
closely  related  field,  &  1  yr. 
experience  in  job  offered  or  in 
Communications  Systems 
Research  Engineering  Req¬ 
uires  demonstrated  knowledge 
of  communications  systems  the¬ 
ory  in  design  of  modems  & 
expertise  in  dvlpment  &  applica¬ 
tion  of  broadband,  high-speed 
communication  networking, 
such  as  modulation,  equaliza¬ 
tion.  &  channel  coding  theory.  40 
hrs/wk;  9a-6p  (M-F);  $88,000/yr. 
Must  have  unrestricted  autho- 
nzation  to  work  in  U  S.  Submit 
resume  in  duplicate  to:  Case 
#200114590,  Labor  Exchange 
Office,  19  Staniford  St.  1st  fl, 
Boston,  MA  02114.  EOE 


Computer  System 
Administrator 

(Yorktown  Heights.  N.Y.) 

Evaluates  business  requirements 
for  new  or  modified  program  to 
determine  cost  and  time 
required,  compatibility  with 
current  system,  and  required 
computer  capabilities.  Consults 
with  managerial  and  systems 
operation  personnel  and  systems 
architects  to  clarify  program 
intent  and  objectives,  identify 
problems  and  suggest  changes 
to  Unix  Production  System. 
Within  time  and  cost  restraints, 
and  considering  hardware 
capabilities,  analyzes,  researches, 
designs,  and  develop  computer 
software  systems  relating  to 
Unix  utilizing  principles  and 
techniques  of  computer  science, 
engineering,  and  mathematical 
analysis.  Prepares  object 
models  and  data  flow  diagrams 
to  develop  program  considering 
hardware  capabilities  and 
intended  use  of  output  data. 
Plans,  schedules,  develops,  tests, 
and  documents  computer 
programs  using  object  models 
and  data  flow  diagrams  applying 
knowledge  of  programming 
techniques  and  computer 
systems.  Consults  with  systems 
operation  personnel  to  install 
and  maintain  the  software 
system.  Tests  programs,  detects, 
locates  and  corrects  errors. 
Monitors  performance  of 

program  after  implementation, 
corrects  errors  and  optimizes  for 
performance.  Requires  Bachelor 
degree  in  Computer  Science/ 
Engineering,  Information 
Technology  Systems  or 

equivalent  together  with  three 
years  of  experience  in  the  job 
duties  or  a  Master  degree  and 
one  year  experience.  Must  have 
two  years  experience  with  DNS 
BIND  and  APACHE.  Must  be 
able  to  communicate  in  English. 
40  hours  a  week;  Monday  to 
Friday,  8:30  am  to  4:30  pm. 
$76,357.00  per  year.  Send 
resume  in  duplicate  to: 

AIM-438,  P.O.  Box  703,  NY. 
NY  10014-0703.  EOE. 


Computer  Software  Engineer, 
Atlanta.  GA-  Implement  designs 
adhering  to  well-structured  soft¬ 
ware  engineering  standards, 
design  specification  and  the 
development  schedule.  Primary 
modules  of  responsibility  may 
include  Viewer,  Movie,  Profile 
Tools,  Virtual  GIS  and  New 
Visualization  Capabilities.  Test 
software  and  on-line  help  to 
assure  minimum  level  of  quality 
is  met.  Maintain  software  during 
its  life  cycle.  Bachelor  of 
Science  and  3-5  years'  of  GIS/ 
Remote  Sensing  processing 
techniques  and  methodologies 
experience  required.  Leica  GIS 
and  Mapping  Division,  LLC, 
2801  Buford  Highway,  NE,  Suite 
400,  Atlanta,  GA  30329 
jody.stepakoff@gis.leica- 
geosystems.com 


IT  Analyst  III.  Setup  &  monitor 
MQ  queue  structures;  middle¬ 
ware  Java  objects  dvlpmt;  cod¬ 
ing  &  testing  of  COBOL/CICS 
multi-envrmt  prgms;  dsgn  n-tier 
architecture;  ETL  data  transfer. 
BS  in  Comp  Sci  or  related  field 
+5  yrs  exp  in  job  offd  or  as 
S/ware  Engr  or  similar  duties 
under  different  job  title.  Exp 
must  incl  middleware  dvlpmt 
involving  MQ  Series,  Cobol, 
Java;  IBM  Workflow,  Mercator, 
Maestro,  XML,  XSL,  UML  & 
Business  Objects;  MVS  &  Win 
NT  envrmt  utilizing  DB2  & 
Oracle  11i;  writing  &  monitoring 
MQ  queues;  willingness  to  travel 
(up  to  20%).  40  hrs/wk,  $58K/yr. 
Must  have  proof  of  legal  auth  to 
work  in  US.  Send  your  resume 
to  IA  Workforce  Center.  215  Keo 
Way,  Ste  100,  Des  Moines,  IA 
50309-1727.  Please  refer  to 
JO#  IA1 101659.  Employer  paid 
ad. 


Corpus  Incorporated,  here¬ 
inafter  referred  to  as,  "Corpus", 
is  a  leading  Information  Tech¬ 
nology  Services  firm  providing 
innovative  B2B,  enterprise  inte¬ 
gration  and  m-commerce  solu¬ 
tions  and  services  to  businesses 
worldwide.  We  have  the  follow¬ 
ing  position  available: 

Business  Intelligence  Analysts: 
Utilize  Business  and  Technical 
Expertise  in  Systems  Appl¬ 
ication  and  Products  in  Data 
Processing.  Analyze  User 
requirements,  procedures  and 
problem  to  automate  process, 
improve  computer  SAP 
Systems.  Plan,  design  and 
implement  integrated  family  of 
sales,  marketing,  and  customer 
service  applications,  in  SAP 
FI/CO  modules.  Utilize  tools 
such  as  C++,  C#,  ASP.NET, 
SeeBeyond,  MS  SQL  Server 
2000  and  Oracle  9i  to  provide 
implementation  using  object  ori¬ 
ented  design  and  Provide  post¬ 
implementation  support.  Need 
Bachelor's  in  Business 
Administration  or  Computer 
Science  or  Engineering.  Need  2 
years  of  experience  in  related 
field. 

Programmer  Analysts:  Plan, 
design,  develop,  test  and  deploy 
n-tier  object-oriented  enterprise 
software  applications.  Exp¬ 
erience  in  the  following  tech¬ 
nologies  required:  OOAD, 
RDBMS,  Client  Server  Tech¬ 
nology,  Distributed  Computing 
and  Configuration  and  Change 
Control  Management.  Also 
knowledge  of  the  following  tools 
and  methodologies  is  essential: 
Unix,  Oracle,  Informix,  SQL, 
C++,  Corba,  MQ  Series,  XML, 
UML,  Testing  tools  and  the 
Rational  tools  like  Rational 
Rose.  Rational  Requisite  Pro, 
Clear  Case  and  Clear  Quest. 
Need  Bachelor's  degree  in 
Engineering  or  Computer 
Science  and  2  years  of  experi¬ 
ence. 

Send  resume  to:  HR.  1300 
West  Walnut  Hill  Lane,  Suite 
#250,  Irving.  TX  75038.  E-mail 
jobs@corpusinc.com 


Data  Base  Administrator: 
Analyze  database  management 
systems  and  network  adminis¬ 
tration  using  Oracle  database  on 
Unix  platforms  such  as  Sun 
Solaris,  IBM  AIX,  and  SCO. 
Develop  backend  access  using 
PL/SQL  server  and  SQL  Server. 
Analyze  and  identify  compo¬ 
nents  and  features  of  Recovery 
Manager  (RMAN),  configure 
database  for  archive  processing 
and  identify  the  contents  of  user 
process  trace  files.  Requires: 
Bachelor  of  Science  degree  in 
Comp.  Sci.,  Eng.  or  related  field 
and  2  years  experience  in  soft¬ 
ware  development  including 
hands  on  knowledge  of  Oracle  8 
X  Administration.  40hrs/wk  (8- 
5);  $75,000. 00/yr.  Send  two 
resumes/responses  to:  Case 
Number  200114999,  Labor 
Exchange  Office,  19  Staniford 
Street,  1st  Floor,  Boston,  MA 
02114 


AFI,  Inc. 

S/W  Eng./Sys.  Analysts  /Techn. 

Interface  Mgr.  Multiple 
Positions.  S/W  Eng.  &  Sys. 
Anal,  will  dev.,  code,  test,  imple¬ 
ment  &  maintain  custom  S/W 
pkg.  in  areas  of  web  dvlpmnt.  w / 
the  use  of  Windows  NT/2000, 
Visual  Basic,  Asp,  JavaScript. 
VB  Script  &  SQL  Server.  Tech.- 
Inter.  Mgr.  will  perf.  sys,  analy¬ 
sis.  data  mapping,  info,  archit.. 
web  page  dvlpmnt.  &  mainte¬ 
nance  for  AFI  website  &  custom 
agent/  CSR  appl.  &  HTML  w /  the 
use  of  C++,  ERD,  SQL 
Scripting,  ASP,  SQL  Server. 
Req:  MS  in  Comp.  Sci.  Comp. 
Eng  ,  S/W  Sys.,  Mech  Eng.  or 
Info.  Sys.  (can  be  sub.  w/  BS  + 
5  yrs.  exp)  40  hrs/wk. 
Job/Interview  Site:  Encino,  CA. 
Ref#:  LAI  000.  Resumes  to: 
careers@answerfinancial  com. 


Software  Developer  wanted  to 
design,  Develop  and  Implement 
Software  programs  to  assist  nation¬ 
al/international  companies 
Improve  sales  of  product  in  Retail 
Outlets.  Design,  Implement  and 
Manage  system  to  support  local¬ 
ized  multi-lingual  database  and 
websites  for  international  clients. 
Perform  web  development  includ¬ 
ing  web  page  design,  development, 
testing,  implementation  and  main¬ 
tenance.  Perform  coding  using 
ASP,  ASP.NET,  VB.  VB.NET,  VB 
Script,  JavaScript,  COM.  DCOM. 
Active  X.  HTML.  DHTML,  CSS. 
XML.  XSL.  MS  SQL  Server 
7.0/2000,  IIS  4. 0/5.0,  Windows 
NT/2000/CE&  others.  40  hrs/week. 
8:00  a.m.  to  5:00  p.m.  Requires  a 
Bachelor  Degree  in  Computer 
Science  or  Electrical  Engineering. 
Please  send  resume  to  Panos 
Mastrogiannis,  SPAR  Infotech,  580 
White  Plains  Road,  6th  Floor. 
Tarrytown,  NY  10591.  Employer 
Paid  Ad. 


Bahwan  Cybertek  Technologies, 
Inc.  has  several  openings  available 
for  qualified  Prog/Sys  Analysts, 
Soft  Enggs./Consult-ants,  Proj. 
Mgrs,  DBAs  and  Sys  Admins  to 
design/develop  applications  using 
skill  sets  such  as  C,  C++,  VB, 
VC++,  Java,  EJB,  Oracle,  Informix, 
Sybase,  UML,  Internet,  telephony 
and  wireless  technologies,  Win- 
dows/UNIX  admin.  Require:  BS/MS 
or  for.  equiv.  in  Comp  Sci/Engg(any 
branch)/Sci. /Math/Buss. /related 
field.  Combination  of  education  and 
experience  will  be  accepted.  Highly 
competitive  salaries  &  benefit. 
Travel  involved.  Resumes  to:  Ste 
312,  209  West  Central  Street, 
Natick,  MA  01760 


Prog/Analysts  to  analyze, 
design,  test  enterprise  level 
appls  using  Java,  HTML,  VB, 
ASP,  JDBC,  Servlets,  etc.  under 
Windows  and  UNIX  OS;  perform 
database  monitoring  and  quality 
control,  coding  and  testing  of 
projects;  generate  batch  reports 
from  existing  data  and  debug  for 
better  performance.  Require  BS 
or  foreign  equiv  in  CS/Engg  (any 
branch)  and  1  yr  exp  in  IT.  High 
salary.  F/T.  Travel  required. 
Resumes  to  Salem  Associates, 
Inc.  405,  6th  Ave,  Ste  102,  Des 
Moines,  IA  50309 


Aurora  Consulting  is  looking  for 
Programmer  Analyst,  Software 
Engineer  to  implement  Oracle 
Financials  for  clients.  Candidates 
must  have  BS/MS,  exp.  in  Oracle 
and  US  work  permit.  We  offer 
attractive  wage.  Send  resumes 
to  9093  Countrywood  Dr, 
Plymouth,  Ml  48170.  EOE. 

NetSoft  is  an  IT  consulting  firm 
with  offices  in  different  states, 
has  positions  for  software/project 
engineers,  system/programmer 
analysts.  Req:  BS  with  min  1-yr 
exp.  Preferred  skills  in  Oracle. 
Seebeyond,  SQL,  Java.  Apply 
hr@nstc.net  or  iobs@nstc.net. 


Sr.  Programming  Analyst 
(multiple  positions).  Design 
customized  techn  appl  pro¬ 
grams.  Install  &  config  pro¬ 
gram  prod.  Determine  tech 
infrastructure  &  comm.  Req. 
Test  appl.  Analyze,  design  & 
develop  app.  Interfaces  using 
IBM  AS400,  RPGLE,  C/400  & 
Java/400.  Req.  BS  in  Comp. 
Sci.,  Comp  Eng.  Or  Elect. 
Eng.  And  5  yrs  exp  as  Pro¬ 
grammer.  40  hr/wk.  Job/inter¬ 
view  site:  Irvine,  CA.  Send 
resume  to  SVI  Solutions, 
5607  Palmer  Way,  Carlsbad, 
CA  92008. 


Software  Engineer.  Design, 
build  &  maintain  networking 
Cisco/LAN  &  sec.  sys.  in¬ 
cluding  user  interface  (JSPs) 
&  backend  busn.  obj.(EJBs) 
w/  use  of  WebLogic  app. 
server  in  clustered  env.  on 
Windows  2000  server  &  SQL 
2000/Oracle/SAP  as  backend 
d/b.  Req:  MS  in  Comp.  Sci., 
Bid.  Sci.  or  related.  40 
hrs/wk.  Job/Interview  Site: 
Newark,  DE.  Send  resume  to 
AlphaNet  Consulting,  705  S. 
Silver  Smith  Ln.,  Newark,  DE 
19702. 


Multiple  openings  for  exp'ed 
Prog/Sys  Analysts,  DBAs  and 
S/W  Engineers  to  perform 
design  and  development  of  S/W 
systems  using  various  H/W.  OS, 
tools,  software  packages  and 
languages;  developing  client 
server,  mainframe,  midrange. 
ERP  and  web  applications; 
Oracle  database  admin/systems 
admin.  All  positions  require  a 
BS/MS  or  foreign  equiv  in 
CS/Engg  or  related  field. 
Competitive  salary.  Some  trav¬ 
el/relocation  required.  Send 
Resumes  to:  HR,  Opal  Soft,  Inc. 
3150  Almaden  Expwy  Ste  205, 
San  Jose,  CA  95118. 


Asst  S/W  Eng 

Will  assist  in  designing, 
developing,  integrating,  and 
testing  desktop  &  notebook 
computer  test  software/hard¬ 
ware  architecture.  Req.  BS 
in  Comp  Sci.  or  related  field. 
40  hr/wk.  Job  site:  Irvine, 
CA.  Send  resume  to 
eMachines,  Inc.,  14350 
Myford  Rd.,  Irvine,  CA 
92606.  Pis  ref  to  job  code: 
asweng-cw. 


Analyst;  User  Support  Analyst 
Mgr  needed  by  jewelry  mfrg. 
co.  to  manage  internal  proj  for 
ERP  syst.  implementation 
(Microsoft  Navision).  manage 
info  syst  development  &  develop 
user  procedures,  define  & 
develop  mgmt  level  Perfo¬ 
rmance  Measurement  Systems 
(PMS),  develop  contract  mfrg 
planning  &  controlling  syst  using 
Navision  C/AL  &  supervise  3 
User  Support  Bach  Deg  or 
Equiv  in  Computer  Sd  or  Eng. 
Mathematics  8  4  yrs  exp  in  this 
field.  Send  res  to:  Mr  Joe 
Manber,  Andel  Jewelry  LLC. 
31-00  47th  Ave.  LIC.  NY  11101 


Multiple  openings  available  for 
Prog/Sys  Anal,  DBAs,  Syst/Ad- 
min  and  S/W  Engineers  to  design 
/develop  S/W  appls  using  some 
of  the  following  -  C++.  VC++. 
Java  and  web  related  technolo¬ 
gies,  HTML,  VB  Script,  CGI.  SQL, 
TSQL,  MS  Access,  Visual  Inter- 
dev.  Active  X,  COBOL,  CICS, 
DB2,  SAP,  ABAP  etc.  on  Win¬ 
dows,  UNIX,  NT/Server  E  OS, 
Sun  Solaris,  etc.  All  positions 
require  a  BS/MS  or  its  foreign 
equivalent.  Competitive  salary. 
Some  travel/relocation  required. 
Apply  to:  HR,  CipherTrust,  Inc., 
11475  Great  Oaks  Way.  Ste  210, 
Alpharetta,  GA  30022. 


NEED  TO  HIRE? 
START  WITH  US! 


iTcareers  and  ITcareers.com 
reach  more  than  2/3  of  all  US 
IT  workers  every  week.  If 
you  need  to  hire  top  talent, 
start  by  hiring  us. 

Call  your  ITcareers  Sales 
Representative  or  Nancy 
Percival  at 
1-800-762-2977. 

IT  CAREERS 

where  the  best  get  better 


e-lite  companies 


e-merging  companies 


e-ssential  companies 


e-normous  opportunities 


IT 


where  the  best  get  better 


Become  a  IHicrosoft  Windows  2000  Security  Expert. 

It’s  easy.  Just  point,  click  and  choose  the  format  that  works  best  for  you: 
•CD-ROm  •UJeb-Based  •Hands-On  •Uirtual  Classroom 

Uisit  netSmart  today  at  wunu.nwnetsmart.com 


www.nwfusion.com 


etwork  Security  Perimeters 
(NSPs)  have  become 
necessary  as  a  result  of  our 
increasing  dependency  on  electronic 
communications  via  the  Internet, 
in  this  latest  SPECIAL  REPORT  - 
exclusively  from  Network  World 
Fusion  -  well-known  IP  networking 
specialist  Chris  Ellis  covers  the  issues 
of  NSP  design,  performance  and 
scalability.  Take  advantage  of  this 
free  offer  from  Network  World  Fusion 
and  secure  your  copy  of  the  SPECIAL 
REPORT:  Network  Security  Perimeters 
in  PDF  format  today. 

Chris  Ellis  is  an  IP  networking 
specialist  who  has  spent  most  of 
his  career  as  a 
consultant  analyzing, 
designing  and  deploying 
IP  networks.  His  career 
of  over  twenty  one 
years  has  seen  a 
particular  focus  on  the  engineering  of 
secure  IP  networks  as  well  as  next 
generation  networks  that  offer 
quality  of  service,  high  performance 
and  high  availability. 


For  a  limited  time,  you  can  get  a  copy  of  this  SPECIAL  REPORT 
in  PDF  format,  free.  Just  sign  up  for  any  of  Network  World 
Fusion's  over  40  technology  specific  e-mail  newsletters  and  we 
will  send  you  the  Network  World  Fusion  SPECIAL  REPORT: 
Network  Security  Perimeters  -  absolutely  free.  Remember,  you 
can  get  this  SPECIAL  REPORT  by  signing  up  for  a  Network 
World  Fusion  e-mail  newsletter.  Sign  up  today  at 


Network  Security  Perimeters 


Network  World  Fusion  offers 
a  SPECIAL  REPORT: 


Sponsors  of  the  Network  World  Fusion  SPECIAL  REPORT: 
Network  Security  Perimeters  include: 


http://www.nwwsubscribe.com/foc416 

_ 


Symantec. 


SOFTWARE ’ 


Secure  Identity  Management 


E  NETSOLVE’  ft*  Internet  Seci  jrity  Systems’ 


www.nwfusion.com 


□  NetworkWorld 


1/13/03 


H  Sales  Offices 

Carol  Lasker.  Associate  Publisher/Vice  President 
Kg  Jane  Weissman.  Sales  Operations  Coordinator 
Internet  clasker.jweissman@nww.com 
(508)  400-3333/FAX:  (508)  460-1237  _ _ 

New  York/New  Jersey 

Tom  Davis.  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  tdavis,  elisas.  ajo?eph@n ww.com 
(201)  587-0090/FAX:  (201)  712-9786  _ 


m 

m 


Northeast 

Donna  Pomponi,  Regional  Sales  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dpomponi,  chorgan@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 _ 


Mid-Atlantic 

Jacqui  DiBianca,  Regional  Sales  Manager 
Marta  Hagan.  Sales  Assistant 
Internet:  jdibian.  mhagan@nww.com 
(610)  971  1530  FAX.  (610)  9?5-0837 

Midwest 

Eric  Danetz,  Regional  Sales  Manager 
Aimee  Jacobs,  Sales  Associate 
Internet:  edanetz,  ajacobs@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 
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Cisco 

continued  from  page  1 

Internet  over  Fibre  Channel  Protocol  and 
iSCSI,  are  supported  on  the  MDS  9509, 
FICON  and  ESCON  are  not. Without  FICON 
—  which  is  essentially  ESCON  over  Fibre 
Channel  —  the  MDS  9509  won’t  be  able  to 
network  with  IBM  mainframes.  Cisco  says 
FICON  support  is  planned,  but  did  not  pro¬ 
vide  a  time  frame. 

Performance  details 

•  In  a  30-second  test  using  large,  2,148- 
byte  packet  frames,  bidirectional  per-port 
throughput  was  210M  byte/sec  on  all 
ports,  which  represents  100%  line  rate. 

•  With  60-byte  frames,  under  a  100% 
delivered  load  on  all  112  ports,  raw 
throughput  was  150M  byte/sec  per  port, 
which  is  98.7%  of  the  bidirectional  theo¬ 
retical  line  rate  —  the  highest  we’ve  ever 
observed  on  director-class  switches  in  a 
multiport  test  using  small  frames. 

In  these  two  tests,  traffic  was  delivered  on 
one  port  and  came  out  on  another  port  on 
the  same  blade.  In  our  next  tests,  traffic 
went  into  one  port  and  came  out  on  anoth¬ 
er  port  on  a  different  blade. This  forces  the 
MDS  9509  to  switch  traffic  between  ASICs 
through  the  switch,  which  let  us  check  for 
blocking  within  the  switch’s  fabric.  The 
MDS  9509  proved  to  be  totally  nonblock¬ 
ing,  even  in  our  full-mesh  tests. 

In  a  full-mesh  test  using  large  2,148-byte 
frames, we  had  100%  theoretical  maximum 
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throughput,  which  we  have  observed  on 
director-class  switches  from  McData  and 
Brocade  —  but  only  when  running  at  1G 
bit/sec  (see  review  at  www.nwfusion.com, 
DocFinder  3828).  The  tests  on  the  Cisco 
box  were  conducted  at  2G  bit/sec. 

The  MDS  9509  had  a  maximum  latency 
of  219  microsec  when  tested  with  large 
frames.  We’ve  seen  director-class  switch 
latencies  ranging  from  174  microsec  to 
more  than  600  microsec. 

For  redundancy,  this  product  ships  with 
one  MDS  9509  Supervisor-1  CPU  card  (a 
second  is  optional)  that  supports  nondis- 
ruptive  code  load  and  activation.  Nondis- 
ruptive  code  load  is  the  ability  to  upgrade 
the  firmware  or  core  operating  software 
without  downtime. 

When  we’ve  seen  this  feature  demon¬ 
strated  on  other  SAN  switches,  it  was  per¬ 
formed  by  upgrading  a  back-up  CPU,  then 
failing  the  system  over  to  the  upgraded 
module.  In  this  case,  the  hot-upgrade  was 
performed  on  the  same,  primary  CPU. This 
took  only  15  seconds  for  the  hot  firmware 
upgrade  with  no  lost  frames. We  noted  that 
when  one  Supervisor  card  failed,  the  other 
optional  card  kicked  in  instantaneously 

Other  hardware  redundancy  features 
were  a  little  thin.  For  example,  there  were 
no  redundant  fans,  although  the  fan  tray  is 
hot-swappable.  And  while  the  power  sup¬ 
plies  can  be  in  a  redundant  configuration 
(N+l),  other  vendors  have  demonstrated 
high-availability  configurations  (N+3). 

Virtual  SANs 

With  this  product,  Cisco  introduced  the 
VSAN,  which  basically  takes  the  concept  of 
Fibre  Channel  fabric  zoning  a  step  further. 
Fabric  zoning  allows  for  the  creation  of 
device  zones,  or  groups,  within  a  switch 
that  cannot  connect  to  or  communicate 
with  other  devices  outside  that  zone.  It’s  a 
way  of  isolating  one  group,  or  zone,  from 
another  for  security  purposes.  However,  the 
segmentation  is  not  complete  because  it 
takes  place  within  the  same  database  on 


How  we  did  it 


Performance  testing  was  a  collabo¬ 
rative  effort  with  Spirent  Com¬ 
munications,  which  provided 
equipment  and  lab  space.  We  used  five 
SmartBits  SMB-6000B  chassis,  fully 
populated  with  FBC-3602A  1G  and  2G 
bit/sec  Fibre  Channel  modules.  Ports  on 
the  SmartBits  tool  can  be  configured 
for  half-  or  full-duplex  testing.  Spirent's 
SmartFabric  Test  Application,  Version 
1.20,  provided  port-by-port  results. 

Cisco  submitted  an  MDS  9509  switch 
populated  with  two  DS-X9530-SF1-K9 
Supervisor  1  cards  running  firmware 
Version  1.0(1)  and  seven  DS-X9016  16- 
port  1G  and2G  bit/sec  Fibre  Channel 
Cards. 

Basic  throughput  and  latency  were 
measured  using  bidirectional  traffic 
flows  configured  in  56-port  pairs.  The 


Cisco  MDS  9509 


WORLD 

cHbi/ier 


4.6 

RATING 


Company:  Cisco,  (408)  526-4000,  www.cisco.com  Cost: 
$2,000  per  port.  Pros:  Stellar  performance;  intuitive 
management;  hot  firmware  upload  on  single  CPU.  Cons: 
No  FICON  support;  limited  hardware  redundancies. 


t 


What's  the  score? 

MDS  9509 

Availability  25% 

4 

Performance  25% 

5 

Management  and  administration  20% 

5 

Features  15% 

5 

Configuration  15% 

4 

TOTAL  SCORE 

4.6 
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Individual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given 
each  category  in  determining  the  total  score.  ■  Scoring  Key:  5:  Exceptional  showing  in  this 
category.  Defines  the  standard  of  excellence.  4:  Very  good  showing.  Although  there  may  be  room 
for  improvement,  this  product  was  much  better  than  the  average.  3:  Average  showing  in  this 
category.  Product  was  neither  especially  good  nor  exceptionally  bad.  2:  Below  average.  Lacked 
some  features  or  lower  performance  than  other  products  or  than  expected.  1:  Consistently  subpar, 
or  lacking  features  being  reviewed. 


the  switch  that  enforces  the  zones  and  pro¬ 
vides  addressing  and  routing  functions  for 
each.  A  malfunctioning  node  on  one  zone, 
for  instance,  can  corrupt  the  database  and 
bring  down  the  whole  SAN. 

VSANs  have  the  ability  to  segment  the 
database.  That  means  each  defined  zone 
is  a  discrete  storage  network  with  its  own 
dedicated  database.  So  if  one  VSAN  expe¬ 
riences  trouble,  it  doesn’t  affect  the  other 
VSANs  defined  within  the  switch. 

Other  applications  for  VSANs  would  be 
to  interconnect  isolated  fabrics  in  remote 
data  centers  over  a  long-haul  link.  They 
also  add  to  the  switch’s  scalability  and  the 
creation  of  multiple  SAN  “islands,”  elimi¬ 
nating  the  need  to  use  a  separate  switch 


tests  were  run  for  30  seconds  using 
small  (60-byte)  and  large  (2,148-byte) 
frames  at  100%  load.  Latency  was  mea¬ 
sured  at  10%  and  100%  loads  to  evalu¬ 
ate  frame  delays  within  the  switch 
under  stress. 

With  our  high-stress,  full-mesh  through¬ 
put  test,  we  configured  each  of  112 
SmartBits  ports  to  send  large  frames 
to,  and  receive  from,  each  of  the  other 
111  ports. 

In  our  reboot  test,  we  cut  off  power  to 
the  devices  to  see  how  quickly  the  de¬ 
vices  could  resume  normal  operation. 

To  test  nondisruptive  code  load,  we 
started  a  bidirection  flow  of  large 
frames  across  all  112  ports.  Midway 
through  the  test,  a  code  load  was  initi¬ 
ated  and  completed  before  the  traffic 
flows  concluded. 


fabric  for  separate  applications. 

Management 

The  MDS  9509  is  managed  through  a 
command-line  interface,  which  has  the 
look  and  feel  of  a  Cisco  IOS  CLI.  Manage¬ 
ment  also  occurs  through  Device 
Manager  and  Fabric  Manager,  two  Java- 
based  Web  interfaces  that  can  be  down¬ 
loaded  directly  from  the  switch. 

Device  Manager  is  a  top-level  interface 
that  shows  the  switch’s  physical  configu¬ 
ration  and  status  on  individual  ports.  It 
graphically  displays  all  elements,  and  lets 
you  configure  elements  or  groups  of  ele¬ 
ments  on  the  switch. 

Fabric  Manager  provides  autodiscovery 
of  the  SAN  topology  and  presents  it  graph¬ 
ically.  You  can  monitor  network  health 
and  traffic,  view  traffic  statistics,  and  view 
network  element  inventories  from  one 
location.  It  also  allows  for  management 
and  configuration  of  interswitch  links. 

Hammer  is  manager  of  consulting  ser¬ 
vices  for  Miercom,  a  network  consultancy 
in  Princeton  Junction,  N.J.  He  can  be 
reached  at  mhommer@miercom.com. 


■  Hommer  also  is  a  member  of  the 
Network  World  Global  Test  Alliance,  a  coop 
erative  of  the  premier  reviewers  in  the  net 
work  industry,  each  bringing  to  bear  years 
of  practical  experience  on  every  review.  Fo 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 
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BackSpin 


Mark  Gibbs 


Microsoft  doing  it  wrong 


i 


n  my  Christmas  Backspin  (www. 
nwfusion.com,  DocFinder:  3843) 
wherein  i  discussed  the  giving  of 
clues  for  Christmas,  1  wrote  that  1 
would  like  to  give  a  clue  to  Microsoft 
for  foisting  ridiculous  architectures 
on  us  such  as  .Net  and  building 
TCP/IP  into  the  core  of  Windows  XP 

In  the  last  few  weeks  I  have  been  increasingly  an¬ 
noyed  and  disturbed  by  what  I  see  as  Microsoft’s 
strange  decisions  about  software  architectures  and 
its  apparent  unwillingness  or  inability  to  fix  the 
problems  that  it  creates. 

Microsoft  architecture  really  ticked  me  off  when  1 
tried  to  burn  a  CD  of  Christmas  photos  a  couple  of 
weeks  ago  for  my  brother-in-law  Bob  to  take  home 
to  England. 

Bob  had  bought  a  digital  camera  on  his  visit  (a 
Sony  P9,  which  is,  by  the  way,  an  excellent  product 
that  1  highly  recommend).  He  had  taken  hundreds 
of  shots  (including  several  dashing  ones  of  yours 
truly)  and  I’d  dumped  them  onto  my  PC  so  a  CD 
was  the  easiest  media  for  the  volume  of  data. 

Now  1  hadn’t  burned  a  CD  for  a  while  so  I  was 
surprised  that  when  I  dropped  the  files  onto  the 
drive  and  selected  the  write  process,  the  wizard 
appeared  which,  in  turn,  kicked  off  Windows  Media 
Player  9. 


Media  Player  immediately  claimed  there  was  no 
CD  in  the  drive  even  though  there  was.  1  tried  all 
sorts  of  things  and  finally  concluded  that  the  last 
time  I  had  burned  a  CD  was  before  the  last  Media 
Player  upgrade. 

As  there  was  no  easy  way  to  get  Windows  Media 
to  stay  out  of  the  way,  uninstallating  it  would  be 
the  only  option.  But  hold  hard!  How  to  do  this?  My 
machine  runs  XP  and  there  was  no  entry  in  the 
Add  or  Remove  Programs  applet  under  either 
“Change  or  Remove  Programs”  or  “Add/Remove 
Windows  Components”  sections,  no  option  in  the 
player  and  no  entry  in  the  program  group  to  get 
rid  of  it. 

In  news  reports  Microsoft  claimed  Media  Player 
was  so  integrated  with  the  XP  operating  system  that 
you  had  to  “roll  back”  to  the  last  System  Restore 
checkpoint  to  get  rid  of  it  (this  was  not  the  case 
with  Windows  98  SE  or  Windows  2000).  In  fact,  a 
Windows  Media  product  manager,  David  Caulton, 
was  quoted  as  saying  that  the  lack  of  an  uninstall 
wasn’t  a  mistake! 

Caulton  said  the  reason  was  “Media  Player’s  deep 
integration  into  the  operating  system."  And  he  went 
on:  “This  is  really  an  [operating  system]  upgrade.  If 
you  imagine  a  situation  with  an  XP  user  who  has 
got  all  these  links  into  media  capabilities  ...and 
you  updated  to  Windows  Media  Player  9  and 


removed  it,  all  those  become  dead  links." 

Yep,  dear  reader,  that  was  really  what  he  said.  But 
Microsoft  recently  released  an  update  (DocFinder: 
3844)  that  lets  you  remove  Media  Player  from  your 
XP  system. 

Hmmm.  Let’s  see,  Caulton  was  either  lying  or  was 
merely  a  pawn  who  was  mouthing  the  untruths  fed 
to  him  by  the  wily  spinmeisters  in  Redmond.  If  you 
were  Caulton  wouldn’t  you  be  feeling  like  a  bit  of  a 
fool  at  this  point? 

Now  the  reason  that  this  fix  miraculously  ap¬ 
peared  might  have  something  to  do  with  Micro¬ 
soft’s  ongoing  legal  troubles  —  the  courts  have 
told  the  company  that  this  kind  of  architectural 
commingling  constitutes  unfair  competition.  But 
the  bottom  line  is  that  this  whole  issue  is  proof 
positive  that  quality  in  the  form  of  sound  architec¬ 
tural  decisions  is  secondary  to  marketing  at 
Microsoft. 

As  I  have  said  before  (pontificating  from  my 
laissez-faire,  free-market  liberal  soapbox),  Microsoft 
should  be  allowed  to  do  what  it  wants.  And  if  that 
should  include  stupid  decisions  such  as  this,  then 
so  be  it  —  it  gives  developers  of  alternative  applica¬ 
tions  and  operating  systems  who  have  clearer 
thinking  a  chance  to  compete  by  doing  it  right. 

Send  your  clear  thoughts  to  backspin@gibbs.com. 


uzz  News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


A  dot-com  whose  time  will  come 

Stamps.com  should  be  a  big  success  —  someday 
—  even  though  the  company  has  taken  quite  a  licking 
these  past  few  years. 

Buying  postage  over  the  Internet  instead  of  leasing 
a  meter  or  standing  in  line  at  the  post  office  made 
sense  when  Stamps.com  was  founded  in  1996,  it 
made  sense  when  the  company  went  public  in  1999, 
and  it  makes  sense  today.  The  primary  target  market  —  small  and  home-based  busi¬ 
nesses —  is  enormous,  penny-conscious  and  strapped  for  time. 

The  fact  that  Stamps.com  hasn't  been  a  big  success  —  heck,  it  hasn't  had  a  prof¬ 
itable  quarter  —  can  be  attributed  to  the  same  mistakes  that  did  in  many  dot-coms: 
biting  off  too  much  too  quickly,  underestimating  the  marketing  challenge,  and  failing 
to  make  life  easy  for  the  customer.  Although  the  company  boasts  280,000  cus¬ 
tomers,  its  82-strong  workforce  and  $4.30  stock  price  are  slivers  of  its  heyday  highs. 

Whether  Stamps.com  will  ever  realize  its  promise  depends  not  only  on  overcoming 
those  early  missteps  but  also  a  pair  of  potentially  more  troublesome  forces:  deeply 
ingrained  postage-purchasing  habits  and  Pitney  Bowes,  the  800-pound  gorilla  of 
business  mailing.  Attorneys  for  Pitney  Bowes  and  Stamps.com  have  been  whacking 
each  other  over  the  head  with  patent  lawsuits,  and  it's  apparent  that  the  gorilla  can 
afford  this  gamesmanship  more  comfortably  than  can  the  upstart. 

Stamps.com  CEO  Ken  McBride  believes  his  company  has  made  significant 
strides.  “The  overriding  theme  was  simplification,"  he  says.  “If  you  had  been  a  user 
of  Stamps.com  early  on  you  were  likely  to  have  been  a  technology  early  adopter 
with  very  good  computer  skills  and  the  ability  to  go  through  a  fairly  onerous  regis¬ 
tration  process." 

How  onerous?  Try  two  to  three  hours,  including  a  "waiting  period"  mandated  by 


the  U.S.  Postal  Service,  which  licenses  the  handful  of  companies  authorized  to  sell 
postage  over  the  'Net. 

“We  ended  up  losing  a  lot  of  customers  who  would  come  to  our  Web  site  and  seem 
to  be  very  interested  but  would  not  make  it  through  that  process  for  obvious  rea¬ 
sons,"  McBride  says. 

“By  this  quarter  [registration]  should  be  down  to  about  15  minutes,"  he  says. 

That  still  might  be  too  long  for  a  lot  of  people,  but  the  improvement  should  help. 

Also  likely  to  help  is  a  new  feature  called  NetStamps  introduced  last  summer. 
NetStamps  lets  customers  print  postage  in  any  denomination  directly  onto  sheets 
of  labels  as  opposed  to  a  pre-addressed  envelope,  which  is  a  requirement  of  the  ear¬ 
lier  service  that  customers  found  constraining. 

"It’s  more  like  being  able  to  print  your  own  stamps  at  home,"  McBride  says. 

It’s  also  a  bone  of  contention  between  Pitney  Bowes  and  Stamps.com. 

McBride  says  the  company  expects  to  achieve  profitability  by  the  third  quarter, 
although  he  hedges  by  noting  the  uncertainty  of  those  mounting  legal  bills. 

Gates  has  time  for  this? 

What's  next  for  Microsoft?  Secret-decoder  rings?  GPS-enabled  cuff  links? 

The  question  arises  after  last  week's  Consumer  Electronics  Show  keynote  address 
by  Bill  Gates  that  touted  his  company's  foray  into  the  world  of . . .  wristwatches? 
Microsoft  is  joining  forces  with  timepiece  makers  Citizen  and  Fossil  to  peddle 
watches  called  SPOT  —  after  Microsoft’s  Smart  Personal  Objects  Technology.  The 
watches  will  depend  on  FM  radio  signals  and  DirectBand  to  bring  lucky  wearers  the 
usual  litany  of  consumer  wireless  joy:  traffic,  weather,  news,  sports,  yada-yada. 

Sure,  you  can  put  a  chip  in  a  toothbrush  and  some  gadget  freak  will  buy  one  so  he 
doesn't  miss  a  baseball  score  while  in  the  little  boys'  room. 

But  that  doesn't  make  a  watch  called  SPOT  any  less  of  a  dog. 

Want  to  bark  at  the  columnist?  The  address  is  buzz@nww.com. 


Sure,  you  want 

end-to-end  network  security. 


But  where  does  your  network  actually  end? 
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OPTICAL  NETWORKING 


STORAGE  NETWORKING 


WIRELESS  AND  MOBILE  OFFICE 


Threats  to  network  security  can  come  from  anywhere  at  anytime,  and  firewalls  alone 
will  not  stop  them.  Ensure  that  your  data  and  business  applications  stay  secure  by 
embedding  safeguards  throughout  your  entire  network.  With  a  defense-in-depth 
solution  from  Cisco,  you  can  provide  the  scalable,  manageable,  and  comprehensive 
protection  your  network  needs.  Cisco  integrates  advanced  security  and  VPN 
functionality  into  Cisco  IOS®  software  for  routers,  Catalyst-series  switches,  and  a  wide  range  of  market-leading  appliances.  So 
security  isn't  just  added  on;  it's  part  of  the  network  infrastructure  itself.  Contact  Cisco,  your  channel  partner,  or  your  Cisco  Powered 
Network  Service  Provider  to  learn  how  Cisco  can  provide  a  comprehensive,  cost-effective  security  solution  for  your  business. 
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Reallocate  your  resources 
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HP  ProLiant  DL  580G2  Server 
with  Intel"  Xeon™  processors 


i  II 
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Server  time  and  space  are  precious  commodities,  at  least  from  where 
you're  sitting.  Your  customers  are  clamoring  for  more,  more,  more,  while 
you  try  to  figure  out  how  to  deliver  with  less,  less,  less. 


HP  ProLiant  servers,  powered  by  Intel®  Xeon™  processors,  put  you  in 
control  of  your  resources  so  that  you  can  realize  the  true  potential  of  your 
infrastructure.  ProLiant  Essentials  Workload  Management  Pack  software 
lets  you  allocate  your  resources  to  specific  tasks  and  then  reallocate  them 
as  needed  —  automatically.  We  call  it  Dynamic  Resource  Scaling.  And  with 
this  added  control  and  increased  visibility,  you  may  even  find  you 
can  boost  efficiency  by  placing  more  workload  on  those  same  servers. 

It  all  adds  up  to  faster,  better  distribution,  increased  ROI  and  gigantic 
leaps  forward  in  customer  satisfaction.  Which,  of  course,  is  a  relief  to  you. 

Visit  www.hp.com/go/proliant74  or  call  1. 800.282. 6672, 
option  5,  and  mention  code  XFF  for  a  white  paper  on 
adaptive  infrastructure  and  a  free  trial  of  HP  ProLiant 
Essentials  software? 
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